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imrnmu for? ±xmmmtt 

fSKfflx-? isZtetl& 1 <7>lEte#ak . 

jLiE^-^IIWffifgk. T?*Xjflg|gfE<0#8tfi!?& 

ffijJ&ti?lfi£IE1£?-&§S 3 OiEIS^ak . 
-LfESiS 1 OEttftitfcftttS fit l^BBfflf-^ k , 
JJ3S 2 *>ett#a£1Z1f £ ftT^I. JhfE-x-lf WIRT 
fiffSk. JJE»3WiElt#«WE1i(FiiT^*JJEKH 
ffl*f»tiWBk tcWfeOfW** tTlPHf-^ ft^fifc-f 

T^SvIkft^riiBDiT^tJtS^afcftfl^-ai 
k £#&k^&T?-fe.X»f&l2aE§£M. 
[3H**2 3 k *>. JJE»2<»!)E«#Sfc . ± 

ewr-^^^afc**, nn^-tm/im^m 

mmf~^^t^mbi)K ic t-vKb-vim-sim 

im&4 3 -htsiEBBx- *£j£*a#, m 1 
»i«oaw¥«ii, ±E»2«aa«*«t=aEitsitTv» 

k LT±fer?*xg*&!giE^^tif&ftJitfJU 

<0«Rk L-CtEBEH-?-* i k ft#S£k-f 

[ffi^JS 5 3 iEKWf- ?£j£#a#. « 3 ««I 

*ak , as 4 com&^mb . m 5 <r>m%*fkb ^a>m& 

m3tf>«W3«li, Jd^l<0Elt¥a«E1t3*rcv> 
£fgBfflT-?k. Jje*3*«ai#aWE1tSft.T^ 

S&4 , JJE* 1 fl«Elt#Rt=Klt SjUT v > 

SlSaEfflT-^k. M20fE1i#afc:fEti3ixTV>S;2. 

— r^iiffi-tpsk izm%<7)stnzmv. 



zimbi-mimiJbm3gffl<?)T?±xm&mm 
a. 

[ffi&R6 3 4*5r< k it , JUBR2 <7>tE1g #Sk „ _L 

ww-& £kft bus: s> ty>s Rw^a+tcfis* 

S*tTV^4£ktW»k-f*IIH»B5ft:Ea<0T^-fe-X 
[«*I7 3 <KK k t» . ±§£^2 £0f21t¥ak , _t 

i»4oaa¥ak36*s ic*-H*k*^anp«iiKr/h 
aadBaktT««s*iT^*ik^»ak-*-*ii* 

[ft^H8] ±fE7 ? -te ^KtS|gU<7)^® ffifS^W 

msm*mizfiiRi-tm^\Mzm^xe&it 

^t-f !> _hlEiE H J-r— ^ ^'IglOT^- ^ ft jE L < L 
i>^T**> S i k ft«iiE-r S £ k ftW^k ftMRft« 1 

mmztm&m^ttmx'X)*). ±xam?-*£j&?& 

^\MZm^XJEL< WWtLfcfcWCfcft CI k ft«SiE 
•fS^ k ftWiijk-rSff^S lJ 7 ;!?? fcKtt<0T^-b^ 

[iim i o 3 ±isr ^ *xmmm£cr)%t®imtfT 
: J?>i>m2,m&izi$vzm2>mx'$>*). jjekb^-^ 

^^SA^-f^iieiiE^x-^^', ±IE!2IIffl-f- 

^;H*Tft5l k ft«SE-r h Z b ftWSk f *IWW 

17bS7tclE^ior^-tX«=fS|gii^a. 

•3. r^-fe^*^f2aEc?)i«FS1f?B**^-*-CfcS£k 
fiESffi. 

[sim» 1 2 3 Bt^-fbraia^raiiBt#MScTft o x 

T^*X««MwWfSflHB««Bt«^fc4 ^ k ft#S 

k-r -&it^i i feiBawT^-fe^wssaEieit. 
1 3 3 vmmtHgffiTt 0 . 

T?*x%temm(on®imtf&mw®mx'$>& z b ft 

#3£k -r-5.lt ^8 1 feli 9 CCfE^OT ^-tr ^SfttBS 
US. 

imsm 1 4 3 ±e» i mm^mb . ±iam 2 *m 

«#«k, ±E»3<0Ktt*afc. JilElEHJfx-^^ 

^ak^awES^aETOf-^itfaeak . 

JJEEHf-^aBE^ateani.. I^Effl^-iJ'ftlEli^- 
■l»m40lE1S*ak, IEBJx-^ftia^rS^5£7)IB1t 

^mmztimwT-fwmwbtf. s^izmsi-i 
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mmgmiz&^x. 

mm7 ! ~?mmw.&. »4«>Eit^«teE*s*ro* 

sisiEfflT-^ zmm7-f!&sms.v>n 1 <deh## 

1 ^lE^SCS^a^^JJeiEiEfflT-^^ t tic 
- f: ^iRffSrrSIt** 1M13 iZim<7>T?±X%te 

5^fe'(g#s(c»t!a ! sti.^aEBB7 j -^* < «triESua:-c& 
mt-t&m&igi 4 £E*or?*xwMHBRii. 

lEIgrT-Sm 6 *>E*¥Sfc » IZlEJBfJIx-* *EtK"t 
*705E*¥»i:fcfll;U 

fljR^&¥@itt^jft tats* »flt 6 & a 

■HHf-^IIBMBi, aS6<aEtt#«fcEttS*ro> 

t» 7 «>e«#«k:e*s*i.t v ^ zmmmT—? 

mi 4 (cEM*>T? -feXlH&BiESK. 

«ifc^W»fc-*"*lll«fl!l 4£E3£?)r?-fex«*&!2 
SE5IS. 

[M&B18] «^HHRjft«ffin*>fcfctW>RSA& 



fJPDI'T-*tJaE#aU:. *50>£1t¥«t£*&&&*L*: 
SE^H"T — * R £ E il L fcfg* t , £4*)E1l#Rfc:Ett 

Sii: (R s mod n = C mod n) Srtfc 

1 stci^ior^-b^s 

tefgiEHB. 

[IIMI19] Bf#'fljgjB#&ntf)t>i:Ttf)RSA& 

^KiSnWttt'ESL-JttK' ( =K E mod 
n ) X'h *) , 

±E£UR£Jft¥£B2. Lfcagfc r n t fc te 

r«K" mod n ) MMEJH^-* fc LT*IE*4 ' 
«E«*Sfc»*aA. 

.■HH^-^KBBySHi, *6«E«#R(cEttS*rO* 

*tfc»4:, WERfc^n^fefcr^ra-r**;!: . 
(K mod n = r-!R mod n ) SrJ&aE-fS .1 

t -r&mm 1 6 iztemvTr-bx&mmm. 
a. 

JJK* 3 «E*#RfcE»*it* iEBJfflagOfffg t 
WED *»6 JbE»2 «Ett#atcEllSft.*3.— !f 

SSffigcfitu ( =G ( n . e ) ) b n<D*J =y~W4> 
(n) kcr>m&mZ-T&t>tl&7 : —? (t = D-e+o 

* (n) > T-abO. 

±3mW7-9$U$L^m± WEtfc,«Eefc % *l 
«5E«¥SC«a4nfcBaEffl'r-^Cfc*»fe, 
^>fefc-CC«D3|6 (C» mod n ) *ft«f & Z t 
izX -oTfJEiEHHx-^ £ £JW* - fc ftfttktill 
«3ll 84fclil 9tcE®<7)T^-feXjtlS^iE^a. 
[11^2 1 3 ±EaEB#f-?£j£#K#. ^3^tH 

<C* mod nJSrtfffL. 
^4<o«fl:*gS{±. WEanofckrmEcotBEe* 

<C« mod n) SrU-ffU 
^5<0SIS[#a(i. WE»n^)fck'Cail*Jj:t«B2^> 

R( = C»C« mod n) Sr^-rSit^^tk-r 
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inssm 2 2 1 mzm 2 mm^mRvmsdm 4 torn 

312 1 fclB&^T^-fe^atgigaE^g. 
[ff*«2 3] BW^#&n?)*>fcTtf)RSA& 

^mm e t mm. n t £0^«?H&HgaMF 

(n, e ) *MZ-X'&hiX& : f—}r ( t =D + F ( n, 
e) ) X'h*). 

JJfflWr-*£lfc#BHi, «fflEt t . fiCe b . 1ol5 

* 1 wEH#atc»*a4 ftfcBKHH'-* c & , 

ftntfDkkTCGDDSI (C» mod n ) £tttltt~& 

[fftft* 2 4 ] ±IBfI^x-:?£j£#&#\ SB 3 *>St 
«4*>**#«fc, IS 5 

SS3«o*»:#SML mfBanOfct-C'frieccomlSt^ 

(C* mod n)Mtt*U 
f&40«3=?&l2. ffiEKn^fcfctrttEC^IilEF 

(n, e)«(C'i».«)mod'n)ttt»U 
*5<0*«#Btti. 1fflE£n*>ifct\ *3«««#a 
«>SttWS*fc» ^4c?)}SS:¥a^ffSiiSm^i^i5:« 
tSifctei-pT. iHBx— ?R (=ctC-r(n,e) m 
od n) fc1«Rfc-«||#«2 3 WE 

©COT 7 -fe *3MgfglI§IB. 

[ If^JS 2 5 ] iwieSI 2 Orat^KAZflffiEflU 05* 

ig-He 1 lman^Iltftl.0> 7?*X« 

flMSTWfcPET* 9 (DE mod p-1 = 
1 ) . 

$ itX v fglEffl tt - 9 C 4: p co %» b X-^mx h 
d b ( R B mod p = C mod P ) Sr^iE 

[fits* 2 7 ] W<»flaBto6 t ifep^)fc fcWP o h 1 
i g — H e 1 1 m a n^HftilfC& 0 . 7 ^-bAf 

fiS'<?)tt* J E'C'<b 0 (DE mod p-1 = 
1 ) „ 



?K&m P (7)i>bTEmLtz®:K' (=K« mod 
p)T*»K 

*US»fc, 1WEK' fctt6p*>fcfc"C*&fc*C ( = 

r ■ k • mod P ) *mmf—? b vxwbma 

l^Mr comp^bX-c^mt:. iEBflx-*£j£§£8 
tioTSIS «E«*RC»* a**UtEWf - * R 
fUtfc&k. lineKi:*»Sp^ii:f -^IWITS) Sit 
(K mod p = r'R mod P ) £8HEt" 
fctfWfc^-ftllMSBl 6fcEtt*>T?-fe.**ttBlES 

a. 

[fWSf28] W#flaBfc&%p0>t,fcT«>Poh 1 
ig-He 1 lman*B*Mfr??&9* 77*** 

ffltWETib 1 ) (DE mod p-1 = 
1) . 

±ies&3 mm^mzmmztL& mmmMm t a* . 

WEDt, JJE»2^rat^J^K«**i.4JL--1fffl«' 

ffi?Sef:HfllBptt:&iWS^N«^14B®afflF (p. 
e ) »JniT»^*l*7*-^ ( t =D + F ( p , e ) ) 

JJBlP&T-*£j£¥&i±> WEtfc,t»Eei:.»l 

OfckTCODSR (C» mod p ) S-ff-g-fS £ 

^2 6 a*:f42 7fcSB»5r^-fc^waa8iaai. 

[M&B2 9 ] ±i£EBJ^f-?£j£¥S#. ^3^ 
. SS4 <0}H®*gi: , ft 5 comn^b *>^=5: 

S3<os«^g«±. mria&pot kT-mfiac^ifriet^ 

(Ct mod p)frf«H^ 
m40^ft^gl±. IMEifepWfcfcr. HtfEF (p. 
e) ttimt VX. WeCtfV***! (C'^--> mod 

P) SrtfSLL. 

»50jBJt^gBi, «fBffip<0<.kT. *3«)StJt#a 

tSit^ioT. IEHHt-^R ( = C t C-^(p.«) m 
od P ) tr£j£^S.I2:£#Sj b -tzm&m 8 te8E 

imtm 3 o ] miEm 2 ^iB«#sa^Bfftsm4 
[a^s 3 1 3 p . ^«7c a<o t -c- 

OE 1 G am a 1 &Mfft9T2b 9 . T7-fe^*1SigiE 
*^YT* 0(Y = a" mod p). 
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u #±IEa £&P <0i> fc"C*3*a«z LT^ 

SStLfcimbO (u = a' mod p), 

^ZmLfcWLt. T-9KbC?>mThhtZ (K' =Y 
z K mod p ) % 

±mm7 ^m.^mzmmmmf-^ t ixurvk ■ 

K' (Cftp^kfcTSiitJt&C ( = rK' mod 
p) i:S:IgEffl7 J -^i:LT|ine®40ieig¥gtc*S 

a*, 

K J: o xm 5 CDlB't&f KKS # a**ifclB#?-* R(C 
?Ht*:&2:, MieKf:*iapcot,i:T-^llTS)Sii: 
(K mod p = r''R mod p ) Sr^?Ht"SC 
t Mh-f SIMS! 1 6 fctBSW? -te^jMSfgEil 

[ff*« 3 2 3 Bf^-fkKlgcA^P . ±j£7CaOt i: «C 
WE 1 Gam a l^^Bf#TftO. T?-fe*»f§tglE 

&YX'$> 9 ( Y = a* mod p K 

mnexiz, ±ig^2wie^gfcfa(i$^Si— ifii* 
tpge ^mbp i: iztm-?timmmm.m ( P . 

e) *tiaiLX%l>iX& ; r—? (t=X+F ( P , e) ) 

apfOttt, CSr±|Buc7)X*T-S<]-o^St (Cu-* 
mod p) fctf-Sr^SCfc^J^TiiEaWf-?*: 

i t &&Wit~tzm3tm3 1 tztsnmrf 

[»**3 3 3 JJBHW-r-^±«#gfa6*. SS3 coiS 

»3*>iJW*Hli, WRffi P TUB u ^)1«E t« 

( u» mod p ) £ifS:L* 
JB4«aW^BBi x MfBSp^fctT-BiriBuWifflBF 

(p, e ) SI (u F <f' e >mo d n)£fH£U 
JS5<0«a^BBi, ffiRffipOfci:?* JJEC£iS3tf> 

»t«S**JHC.4ifc(cJ:oT, fBH^-^R ( = Cu 
-t u F(P.«) mod P ) ££j£-rS£i:£!f#f&fc-r& 
3 2 fclEfKOT ? -bX^tSlgiE^S. 

[ ansa 3 4 j nefli 2 c7)iBii#aR^W£^4 oat 



E 1 Gam a 1 0 . -fe^«*g^liEWW@W 

fgtf-^fgXTfc 0 . «Xfc»JW44MMW*YT* 
0 (Y = a* mod p ) . 

ffi.W7-?tm^m±. &5v>m&^mzwz&ttvtz 
*4 v%m*mzw&%tvx \ >s mmm^f- 9 c £«t& 

fcLT^*JHLfc*fc. _tfEY£R3llL*:fittR2:S5t 
mod p = Y R R s mod p ) ZtoMtt i i: 
B. 

[1^836] ««PSK«%P. £6£tc a O 
E 1 Gam a 1 S£T'& 0 . T 7 -teXj«if2tEO*f®tit 

$s**-*-^iixT'*) o . axfcsawi^tt&JY-cfc 

0 (Y = a* mod p), 

-ties 3 (rytm^mz^mtih wmmtm t a*. 

flHBefcWIEpfcfcflaSPrWNRaSBBRMF (p. 

e) £HQz.xnt>tl& : r-? (t-X+F (p, e) ) 

x-ho. 

±|£a<?5k*^R ( = a k mod p) tU iEt 

-^Cs&»6. Sp-lc0t>i:-C. C^Xtr^?| 
vvfc»fck^a»»£3lit6£i:fc:J:oT» s (= (c- 
RX) k-' mod p-1 ) zwrn+zztzmib 

■tzwmms 5izmt<7)T?*x%:isimmw.. 

^^ffifg^mflBaWc^-r^Bt^^tc «t oTflf 
t i> <nx*> o . * l «aw#Ri4Uaa.— tf^HI 

iB-ri. z b zmib-t mim* ^sm^r^xtesk 

h mm 3 8 \,zw®p>t? -tx&msmns. 
m»m3 9iz=fficDT?*AftmmEms. 
i-zm^3 8izm&<oT?±xmstmmw. 

'[M#94 2 3 ±SBEBH7 r -t5'«lE#g{i, Bf^-^$ 
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titz t- 9 x h -6 ±mmm -t- 9 *> & v t ±±m mm 

Si:, HM^fkbttL. 

mt. msvim^mzimztix^&^x'f-fzit 

ST'fcS bWSrttZ b *imb-fZffi%m8Z fcte 1 
tit:?- 9 X'h S JJfilEaEffl-r- ? * S V ^i_hfEfg|Effl 

I§mm4 4 ] JiiflEBJx-^t&IHMSte, 7°n^7 
A!£fT^g£#^ iiBISlirax-^&S^iitfBiSE 

X'fo*). 

Tu^AtLXTn^y^mf^mz^^ 

fT3£fc£WRfc-f4l!H8jl8*fcl±l 6£fE&tf)T:? 
[31*314 5 ] JilBEBJJ-r-^t&H^Kte. 

fmitLxnt>ii&7 : -fT$> o . 



E*JI^-:*^#g#±iBf2EfflT-:?fci> DttBEffl 

ztmb-tzmm8 tan i 6 cib&^t 
WT-9®,mmwim-'(Dm#nizm?t>ti^ jjbskh 

[ft*JH4 7 ] jl- -ror^4sx«stKW-*fc«> 

jjsisEfflx-^ saw* xf -y y°b 3-~^cr>msm 

nmimi:iitei-&ATv7b. 
wmmtommb izm&v>§mzm Lxmrn?-? 

JJEEW^-*ifejfc*«te «fc oT^^^iPJx-^ 

a— r^is^rffffg^f BirrsxT- y r t . 
immm^r-fb. jj&j-— r^nwffigk. ±tBaE 

HUMRMMk (cJJfseotW** LTIHf-^ 

X^hZ.b*mt~?&*TvTk Sr_hlB3yt A -^t= 

ft^AC aytfjt— *TJHi^fc*i*IP!B"5* 
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±sssa 2 «oia^¥S^iaii$ ax ^* ±i a^-if «ost 

mmmmmt zmm lx . iiaigaEfflT-^^ifaiE 
hjix-? t^iaw *ap»f - „ 

■fe aE^S ^«>^fig$^iEBj-^_ ^<oJES 

tt^^aEf s c: k o ±ie jl— if or ? £fg 

fSfiEfflx-* SEW* JS 1 OfEti^K t . 
iffii-^EWffifBi:. T?*xe*gfSliEtf)!»SS1ff$8 

JJ2* 2 Ol5-lt#SKIBfS$ ftX V*4JJEx— f *>IH* 

flMBfc. ±iam3<oia«s#stiEit$a'C^-6±iaiEHB 

fflfflWffilSkSr^JfflL-C. ±KBEH!r-**»6±lBH 
Bflx-? SICTx- . 

JJ21EW7'-^^jat#BW»64Jjc$*ifciP!BT-^<0jE 



[000 1] 

[&^JB-f assess] zcmmz^-^coTrizx 

[0002] 
[fsS*tf>#fi?3 

1. ry , J'tr—^3 vyufv&wz^ ^.—fcr>T9^ 

2. K/p-f-^irryy-^gyco^^is^rv^ 

a— f #IEI<9fgEffl?)il£&}r I/O** -I fc ^«QE 
U 

3. jja^iEffl^st^^^qigig^^^-tRRora 
tiffix-foh. mtrnzmm-tzztizx*). mmz& 

^-r^JEM^^-^ZCD^TyU ^-yayrn/^A 

^ x ria^vm iz is v *rnffl^$ fiT a 9 . k l 

ts WlfRainbow Technologie 
s, Inc. {tOSentine 1 SuperPro 
(Si) ^« Aladdin Knowledge S 
ystemssLtd. ttOTASP (fS&) 

[0003] MTizruyv&mwmMmiz^x <t 
wkLxmMmzmi~r&. mLm±m^fc<r>tz#><r>m 
<'tiMz;\- b^xr^t'j mzBsmizmAZti. 

k. 7n ^ 5 AJi j.—rcof2iBi rtjg L/c ^n- K ^ x 
&X-$%^£oiz-t&. 

[0004] T?±x 3 mmm)V-*v\,z± &mmm<o 
mm. mm. ^xo-^-r^h^Mz^x^h 

1 . T^-feXK^^iE/U-f-^-ttiSS^^^tiK*! 
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3. WE^-f-^tt, ^mSfut&tfWf&Sfi*: 
ft. HP^-F^xTK^L*ft£:EU4gtEgiT'B& 

[0 0 0 5] ,TO|gf. TTy^-xgyro^Afcfg 

TL£3. iflDJ: 3OT<tn8aS9UcJ:*T7'yr-- 
S'ai'Tn^AWEjEl^fcyrWT**? (re 
play attack) t Hf 

[0006] yrwT^-y? as. a 

K?xT^6*l4fttt»3«*fc»rfcte£JS 

[ooo7] [^3fegt^^s^] mmm^mm^ 
tt. Tryr-S'sJ'rn^AfcfMW-siwc. ro 

[0008] JJBim»#^&«£3H»K^Nffl«n(iX 

[0 0 0 9] 1. Sg-c7)^T'{ii-ifc0fZiiESI^JL- 
«Ep . i-lTZ.fc*aiH«Z. fc ^ 3 J: 3 (c » .x— 
[0 0 10] To^AfftS*!*. Tn^5 

[0011] *rtfcfc**3.— Tn^7 



[0012] 2 . Tn^9.M&fciH4 

Try r-s^ 9 y»te«L«UMr*BWifcffl3rr 
s. hd*>. Tryr-^gy¥K<4B8Bi¥. rry^- 

J: 3 fci&TT U y-i/ 3 yrn/^ASMf 

4. 

[0013] dO^Tte. »-«*$6tf>*£<0 J 3 (C 

i-iFtifiM^rryy-^gy^/i 
[0014] zmm\s.Tu?yj±ft®%ni.v3---- r 
[0015] «fie«)j: a tc. mmmit^- K7x7K® 

xT«is«ttswwi^««#S(c«6ar**fWrv^ r 

8ffltt#»A3*lfe'N-- H»7x TSr»jS-r S^*** 
[0016] Affrfc&fi. Jl— r^^cjCx 

[0017] J.-1fJ*Wfflr*TTy r-5" 3 > 

ssow-* k * x t*ss» Ls-tmtf * ^>=5rv > 

[0018] aHW»*77'J r-yaySffil*^ 
[0019] i^JiatWWifcft, A-K9i7+ 

^-H^xTtia^LTlSB^^-rSCli:*^ 
[0020] i<0«fc 3 ±f£ro<7H »-«W5*i£ft k 
[0021 ] ^rfc. llffHW^miMt^^S k . 
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[0022] 

fcfcBWfcLTV**. 
[0023] 

UTS ZtlzX 9±fB^-— ¥<nT9*L*.W&*Vmth 

r-r^xm^mmmz^ mmm?-? zam-z&i 

nmm^&k. J--if^>Sffl-fffBSrfE1STS^2^IB« 

1 c9iB1S¥&fc«£f S*rc v ^fSffiffl-r-* k s ±tm 
«H»*fctel^aW#fc*LTraT-**£J^*e 

8«&k fcUWt* «fc 5 £ LT^S . 
[0024] J: *Uf, HHJfflSilfr-r-* (T 

tztt^tii jl— f HWfffgk £ 

«l. r^-fe^^-yhti— roBfflrflBRfcryu*- 
a yrn^5 A^jsatfcttfflLfcr^-txiwfiB 
nw#m«^k KiSLTms l. law* ztizxr>. 

[0 0 2 5] ifc. £^>BWE(C4J^TIi. ^<tfc. 
JJB* 2 Of Bt£N&k . ±1 BlRBT-*£j£#Sk 

*8r 4> Lft«Rfi«¥«>f»fc«»S*i.4 J: 3 1 LT *> J: 



BJ-f-^^^Sk I Cfi — H*k*«aMPtreWr'h 
M^SilSk LT8fj£t?*U> J: 3 (C LT *> J: t 
[0026] 4fc. JjaraKr-J^S^fiW*, fll 1 <T> 

OgffiffitfBk, ±fi»3<0B«^«WE«S*i.-CV%«iE 
WfflWMWBkfc»f€«««*lfcL" **>tt*k LT_h 
fBT?*X*te!^^!8&tf?|l£J££iJL, £2<OSUt^ 
BBis -hE* 1 «B«¥«(ce«3*uC v fgUfflr- 
*k. »l^)idt#SfcJ:-9TJtaj*iufer^-fc^«« 
BiEWWBMIHBkJcWjetfDiWtitL, LT 

[0 02 7] ±I3B»? f -*£lft#8b& f . 3B30 
StS^Kk, H4tf)iStir#Kfc, *5*>OT£BU:£>6 
WlKSfu m30St3t¥®ia. ±EWl«IB«¥RtclB 

«*^TV»6K^1ilWt«kteJ^WtWftJSL. AS 

I^EfflT-^k. *2^E«#RfcEttS*VC^*.3.- 
iTtfDHHifMllkfclWewfWfclfcL. SS5<0iSig¥& 
ifi. JJE»3<«IW*RfcJ:4ff*l»ks ±12^4^ 
S»#BKc «t Slt«fe*k l:HifS<7)ff«*Sfe L. 
*k LTiiEaEB^T-^ £ J: a fcrr S ZthT 

Cl<0%&tt3^Tt. ^-:5r<kt. _hlB^20lB 
H#Sk. ±IEm40)far^ak*«. rt^x-^SlX 

^R+fcfiWIp^^JidfcLTfcJ:^. 4fc. ^<k 

I c^-K*k*0»l(pBn^'hffl«JfiRBk LT^«$ 
tiiJrafc'^iikt.T**. i^flWETU. Kffl^S 
^at/jNjBBHc^i £ k*«T'# .WciC 

[ o o 2 s ] *3t, ±3RT9±xmamniMmtfi 

*r-9 S-jE L < WUtWJ S £ k *i$m*Z> =fc 3 
teLTfc ivv 

[ 0 0 2 9 ] ±CT^-bX jWBBKWWaflHR* 1 

S2PW>flJI*fflV^T]EL<li#ftLfcfc«Tft*£fcft 
aSE-*-*J:ateLTt J:v». 

[ o o 3 o ] a*;. ±^T9±x&wm.<r>mkwm 

^^^S^'^-t S ±fBiEBBx-^A\ ilB^SES^ 
-?K*fLT. t»EW««tfflV\TiEL<*J«S*ut'? 
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is?i\,m%rz$>h £ h ftjau-rs «t o iz lx t i v*. 

[ 0 0 3 1 ] £ fc, ^kM^^^HBt^^^T'S. 

[0032] B§^imm^mmemmx-h 

[0 0 3 3] ifc, Bt^OT^ftffMeWMfCft 

[0 0 34] JJEfglOlElf^Si:. ±IBSfi2tf> 

Wr-f&j&^mz ± -^tss i «>Ett#B(=»*ai*i 

7-*- ?t*aE§§gfiSS 5 <0lH1t#S(c*# aa*ufc±EH 

[0035]**:. ±mr? ■*xm®mstcr>mLin «u< 

E7-*fcLTiMOEtt*«e»*a*s IPJt-* 
■f-fb Lfc S £ fc MWE-f * «fc 3 (C tT i «fc V*. 

[0036]**:. T9*xmtmntGmMBam& 
l fcsus&s? 6 of Hmt£«s at* fc 

JB7oeit#a(cE«*#iTV»*BiEfflSW-^ 
fc LT*4*>§Ht#Rtc«&». HHJlx-?&IE#& 

fcwsaaftfcHWx-^&it^Lfctt***. r?* 

ftT V >6BEffl«f- 9 *fi#Lfc i>C0X'$> S £ 
fc ZttM-th i 3 fc: LT & J: v*. 
[0037]**:. JJET?**WiBIE<0««flHfc&* 



wmr-fk LxmAffM'mmzm^^. w#r 

&*.mzwz&*tozmmf : -ftf. ■tmftMX'&zm 
mm7-?izm-&. T?*xft&mt<rmmMX'%> 
twnimz «t h=f s J* /im^,x'h hz.k **m*h t. a 

[00 38] *<MMfcWfen*>*»fcT*>RSA 

a|f-^«SfSli ^50fBtl#©t;»#a4ix^iE 

<T fc ( R E mod n = C mod n) £#HE 
[0039] 4H?<fl98fcP&n <T> t kTWRSA 

mDx-h o . tmmv izztm-?&&mmi) i ET$> o „ ± 
^inim^mzufeztizmEmmT-ftf?-? 

K£mn<7>i>kX*EmL1zWLK• (=K« mod 
n > T* "5 . ±IBSLS*^¥S{±, *BgL^aJS r 
n^tfc-CE^L^fc, jWlBK 1 k*mn<?)i>kX'm 
tfil&C < = r E K ' mod n ) frfgtEM-r-* k L 
■Cfraa^4<0lB«¥lgtc:S#a^. WMT-ftm^®; 
tt, »6«K*#«tE«SitTV^a»rWifen«)«, 
fcT<0i^ft. EB-r-^^JiafeWcioTJISSoBHt 

*sc»# a**ifciEiB7'-^ r t^gcfc % neK 

fc^nOtfcT'-^lnlT'ftft^i: (K mod n = r 
-iR mod n) ftWEr*J:"3tLTt>J:c\ 
[0040] 4fc, SW^WSBtViSnOtfc-C^RSA 

mDX'b*). wmDiztti&tz&mmtfEX'$>*) , ± 

fiE»30iB1S^St;lBtt$^^aEBJMfflifftW?gt*J. 17 

ED3&»^±ejB2 oiBii#S(:iB'ti$ixs a.— rom* 

Bl^ffiw (=G (n, e) ) fcn*>3j--f (n) 

(n) ) T-ftO. ±fEiEBJx-^ifie#g(i. mfEt 
k. mtek. »l«03B«*Rfe»*a4*ifcBiEffl-5 r 
— ^Cfc3ft»4» % &n«kfc-CC£7)D3li (C» mod 
n) ^ItiE-tS^fctc.k-.-CBfrEliEBBx-^ft^tl. 

[0041] iEIEWr-^^jR^a**. ^3^0 

wm-^&k. m4^sim#gfc. »5«a»#a4:*»fe 

^Os Jg3^ff*g{i, MBSncO^fcTBuIBC^Bfr 

Et3R(Ct mod n) fclWU. *4 

ti. IfrEffinOfcfcT'lf^BCCOlalBe^ (C« mod 

n) ftH-^CL. *505jW(*Rtt, MBanOtfcT 
ffi 1 H *XfK20>ML¥80Bmtm*m t Z. k fc J: 
•jT, EBJ-r— ?R (=C t C e mod n ) 
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[0 04 2] ttz. S&immimnWhbTORSA 

im3(Dftfe^mzmmzti&mmttwmttf^ m 
iBDt, ±sm2.<mm^mztm^tih^-^<rim^ 

e) &tu£X'&$>tl&7 t -? (t=D+F (n, e) ) 
T'fcO. ±tBaE8x-:?±f£#'©fcL siffEt t . tiff Be 

tfrb, &nCO*>fcT CCDD* (C» mod n)£ 
SttW* - fc lz J: ^TIWM-r-*****-* «fc o 

[ 0 0 4 3 ] 4fc, ±faSEBjT-^^S*Efc&»\ m3V> 

Etft (C» mod n) MfttU «4 

i±. WEffinOt) fCHnECWWIEF ( n, e ) 38 (C 

'{»••) mod n) tiHtu »5<oaot#aii, m 

^¥e<OH-^S*co^t^tS^i:^J:oT. IE 
BJr-^R (=CtC-'(».«) mod n)2r^-TS 

[0 044] l3iBm2^IB1§*Satflaf5^4<7) 

[0 04 5] 4fc % Bf^mflb^pAi&T^Poh 
1 ig-Hel lman^ffWCftD, T^-teX 

ftflKfraAPETfe 1 ? <DE mod P -l = 

i ) . mm7-?mE^m*. m5oieis#st#ta 

KE11 3 *UC 4 Bffittr- * C i i}<m P <9 fc "C^RI 
T$>&Zb (R E mod p = C mod p) 

[0 04 6] *fc s WMUNHtffi&pni»bT0>P oh 
lig-Hel 1 man^JflMMHfT*'5, T?-lrX 

§ffi*-«H* < ET , *0 (DE mod p-l = 
l ) , ±E»7^>K«^SfcK1iS*i.«BKffl«T-^ 
36«T-^Ktiftp^)fcfcTEIiLfcJRK' ( = K E m 
o d P ) v$> 0 . JdffiU&&&ft3Hi . LfcSLISc 
rfcftpOifcTESftUsftfc, MEK' fc£ffip<7>*> 
fcTSStfcRC ( = r«K* mod p ) ZiZWM'r 

—9 bLTm&&4nmm^mzw%&&. mm*-? 

ttE^BUt. *6<0E*#«WBW3itTV**SUfcr*> 



b. mzKbwmpc?>i>b-e&m-chz>zb <k mo 

d P = r-iR mod p ) »MEf-&J: 3(cLT& 

[0047] Bg^->fbK^ftp<7)t i:t«0P o h 
1 i g-He 1 lman^|4fiMm^-C»0. T?-bX 

Sflfcfe-Oil*>*E-Ci>0 (DE mod p-l = 

i ) , imm3<7)am^mzmmtt?>mmmwmm 
t#, medic. _hiam 2 oEtt^atcE* ztm-- 

(p. e) Srini.TfS&il&x-*' (t-D + F (p. 
e ) ) T* 0 „ JJEiPM-f-^toR^BHi, tWEt „ 
IIEefc. *I<oE«#«t=#*&**ifcB»Sf f --* 

Ct*>^>. ffip^fcfcT'CCOD^ (C» mod p) 

[0048] 4fc. ±Effl5K*-*ailS#R* f . SfS3tfO 

aw^Rfc . s&4 oatft^eu: , m 5 nwm^mb 

«r»). »3*>SMt#Rtt» «5fE&peot4:THtfiBCOHtr 
Et*(C* mod P ) fctWU B4^«*¥© 
l±. ^B&P«0i>4:-C. ItflBF (p. e) SrfglgteL 
"Cs WEC^XCSJR (C'l».«) mod P ) frff« 

L. Sg50«g[^S{i, KflBSP^fctT. Sg3^)«Sl 

WMTHOtiRi:, &4<nm%^&mmk%c?>mt.b 

mod p) Z&Jfc-t&XolzLTtiXW ^cry^ 
tt. lBE»20E«*RRimEIIS4«iaaW¥ft& f . 

•P*R+t=rt«S *i* i 0 lz LX J: v *. 
[0049] HmJQR«%p. ^TCaO^f: 

WElGamal jMHHtt 0 . -feX»*||g 

a*tYT*»? (Y = a* mod p ) . ujpJjE 
a^ftpiOtfc'eS^^Sl^zSrfgiai: LT^*«Lfc 
^T&O (u = a* mod P ) . K ' ±iBY$- 
Sp^tfcT-±IBSLi!cz^fiSti: l/t***LfcRfc, 

^KtwaffeSilt ( K ' =Y*K mod 
P ) , JJB*7«E«*«fcBIEffl«T-* tUuft 

fc. ^^LfcSUftrttllEK , tiifepWtfWRtJtft 
C( = rK' mod P ) b S-fSiEfflx-^ b LXW 
IEm40lfi1t¥Sfc##a^. iEB^x-^«l5E^g{±. 
»60E«¥Rt:E««*tTV^4S|jftr<«fep^«,i:T 

ftpOfeiT^H-CJAilk (K mod P = r'R 

mod p) ^WE^-iidKUrtJ:^. 
[00 5 0] ife, lWMfc&*ifep. ^TCa^tl: 
WElGamal ^^Bf^-C'fc 0 > T7 -fe^*BB 



(12) 



^¥10-24 790 5 



mtfiYThO (Y = at mod p ) . _LiB®3 

±esi 2 ^iBii^e^ieiis fxs a— rawftfs e 

k«riEpfctetf^*^MKW!B8WlF (p. e ) frftl 

it#^Sf-^(t=X+F(p, e))T*9, 
JjaEWr-*£«*«tt, MEt fc . lulBe . 3* 1 

j£p<Oti:t\ C*±EuaXftT|iH>ftK (Cu-« 
mod P ) £ffg-r£ IfcCio TJJ BaEUr- 9 £ 

[ o o 5 1 ] jjeibdix- 9 &3<V 

fr"), JB3tf)SW#a»4, WIHfep<0<»tTlWEuOtlr 
fBtflt (u' mod P ) *twu flS4^>mic¥a 

f±> lilfB&pOfc tTlirfBuOStrlBF ( P , e ) £ ( u 
'<».«> mod n) *W»U *50!«t»*«B±. « 

a^p^fctT-. jjactiS3«aa*ew)if«s*'c 

W-jT. ER8T f -:?R ( = Cu-*u»t»-«)mo d 
p) t£jaW*J:3icLTfcJ:n. <r<5D%£\ mS3B2 

[ o o 5 2 ] a*, wamiimp . zusot^htx 

OElGama l**t!*9. T?*X»*&fSffi<?)#t& 

$>o (y = a* mod p) . mm¥-9tm^ 

IBItSft-O^IgaEfflr-^C LT**iRLfc 
fcfc. JjEY£R£L£ti^R£SftLfctt2:alR2:;6< 

&P<ObtT"&fflX'$>&Zk (a c mo dp = Y R 
Rs mod P ) fc«ttW*J:3fc:l/C*>J:n. 

<0E 1 Gamaliel). r^-bXjS*g|gfE£0#^ 

fcO (Y = a" mod p ) .. _LI5SSI3cOfB1i¥ 

2 <oiE*#iac=E*S*i*JL— fHWflMBe fclaiEp b 

tzmFt&m&s&m&F (p, e> ^jn^Tfi^ 
sx-* (t=x+F <p. e) ) vhK>. ismw? 

S^R( = a k mod p) fcU BOlBt fc. mflfie 

k . * i oietg^atcs^ a 4*ifcfHKfflf - 9 c a> 

6. 8cp-l<^fci:T\ C*6Xfcr^£9IVi&ftte 
k«jS3Rt*t*ii:fciJ:oT, S (= <C-RX) k 
- 1 mod p-l) i 3 £LT*> 1^. £ 



[0054] ±fc. ±fca.— »foli?rfif$BaWB8&tf> 

Z'hiTi>£\\ 4fc. ±fBBt^^*^g3^Bf^B9lgC 

[0055] ifc, ±IEHi5!x-*lfcIE#&(±. S h 
iiJJBfgiEffl^T- ? ^r- * £IB1S-f & 

*fc, »8^§^fclHl;&:h/0*4¥:fc"r-*£ifc 
[0056] iEiEBB^-^^^Sti. $ 4> 

*fttmzmuz&&*Mmthm9coim^&b. ± 
m-^mmmrrhme^m.n^b. sm^mb 

*jrl^±ibshjx-^ic. >£m%t>iiftMm&j[siK) 

nmn^mzx&itmsmb . «9»e«^«icett$ 

ilBaEB^-^^fEST'^S 4: <t 3 C tT i «k 

[0057] 4^, ±.mtW'f-?mE.^m* . § 

^fLST-^T'^>0, ifBliEBJ-r-^SliiE^S^, V» 

SV^(if2fEffl^-r-^?-iEL<a-^L7tt|-^. fiB*>, Bf 
■^ftSflfc ray 7 A^iE L < are**u«fr&ft:IH 0 s 

[0 0 58] ±EfE^x-^«?iE#©(4> 
t % Ta^yAmf^b. T-uyj&im^&b. T 
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mmmf-ni, mm^it $^rn/5Aj a-sn- 
htzvxn&smtymsmit Lxn^tih^-txh 

[0059]^ ±3mw7-?£jgm&& zv±m 

[0 0 6 03 C<7)%HJcom2c0tB!lMfcJ:nif, J- 

4lSS*lfciP!Hf f -i'»jEattt«fflPJ-4i fc*C«k 9± 
Ei-1f ^T^* A»»*B^* -fe^JHaBIES- 

laww mt . isssemwaimt fcwj&oit*** l 

[0 06 1] £*>^^30«niHCj:*l«, a. 

siRtffutiraT-^wjEStttww iitfcj; o± 

* n Mi* T ? -fcx*tef2IiEffi:r n ^5 idHiftfcis 

Xf'/r^ ±fBf81Efflf r -?k. JJBa-— 1f<0H*« 
$Bk . ±IBiEHBfflaa,fp8i; fcJ5fje*>iW*JtLTira 
t- * *£jfi*-4 Xt -y Tk . JJEiEW^-^^JS^S 
t: «fc -5 T£j£ $ nfcffiWT*- 9 tflMZT 9 -feXfEfSISIE 



[006 2 3 4fc. £«D»flO»4*>irateJ:*Ujr» 3- 

^SBrfiffgk. T?*x*BB**>l«Wffiki=*tU 

fEfS-fSX-r-yTk, ±§aiSIEffl7 J -*k. ±1B^-— f 

Lxm%?-?*&s$L-tz>x7-~,ytz±m^>v^- 
?t,zmffz-&&cr ) t l zm^& i a £ uth* . 

[006 3 3 £«0Wfl^5<&fflBfc:J:*ittr» 
-**>jE3tt«WW- £ £ k £ «fc 9±IE^-— POT?* 

n9&r*mmr& rn ^5 An^ii^iii: . mmm-T 

-7*Wfc?hm 1 OiEIS^Sk . Jl— (f<0E*ti?#8£ 
IE**"** 2 OlE1i#©k . ±»x-1f oHWTlHRfc . 

a.— !f<OH^Tffifgk. ±ia^3<0ia^#SfciB1i$ilT 

\^±mmmmm%ii *wm lx , jjEiaRfflr- 

[0064]4fc s £ crttWnm 6 codffifc J:*Uf , Bf 
tt\,z^Ztd-zm%^-9<n^m:mSL~th Z\t\,z 

ms^m^mt. ±sE^2cr>im^mzim^tix^ 

*±E3--ir«IB«flHRfc. ±3E»3«Ht#«WE« 
^«±SEEfflm«MR«Bk *3Kffl LT . ±3BBBE 

[0065] 
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1 0 0 6 6 3 IS 1 KfcWC. jl— ngfflE^XxAtilEBH 
-r-^atS&Kl OfcitXU^x-^^fi&SISl 1 ^fe 
^tiil IEBt j -:?±j£§£M1 UiT^-tex^y 
h£l££|gl 2*>^7?^f^7 h (StDiBMiB&T— 
1 3£&m?&£olz%->X\>i&. lHH-r-**@iE 
SIHl 0 liSfcfE/U-^y 1 5 £ HfrT S . HHJ-f- 

1 liJL—?m%ffim 1 6i3«l:tfT:7-feX*^y 

[0 0 6 7] T^-fe^f-iry h4Ua6K12«Try4r 
^ *x jMSBHEOWaHlffll 1 4 tei tf*-*HBWIHI 1 

. y M 3 tmmttlli? n -y t-X 4 X3r -y J- 

■ 1 OJiigaEffix-* 1 8£SEBJx-^±^Ml It; 

mta-t h . eehjt-^^^b i i j±t ? -trx-?-*- . y h 

1 3i>J:tta— fSWffifSl 6 £fflWClEHJJ-r-? i 9 
ffiBJr-^^S^Sl Oti^tEfflr-^^K^V^TIEBB 

[00683 EBJ^-^^jE^ttAJ^giE^iTixif % j.- 
[00693 J3LhiO«fi£fc-o^T. TTU 3r— Vy° 

vrv^comfflmzmizt ->x $ fetraw-* . 

[0 0 7 03 -<73J:3^^:^^T. T~? x )tr 

^rwfg 1 6 1 a tr- LTE^f -s i fctf-c* -5 h , mm 
%mmm& <, fcsrv r £ t> y ^ 9 vwy 

»Sr*f (1ST, W*V«-^-t*?* 

[oo7i34fc. nz&. ±tEi— mrnni 1 



0. i-ifBMrtWRi 6*5«fctfT:?-irxf-^-y m 30 
9*±jw-4. icoffaL^iasT'i-Hfswffifgi 6** 

<%Wr< k t-a»iJiiei»W¥«fc J: -3T*MI»*l&* 

[00723 vat. tsmm^mzi-oxumztix^ 

fcMPUfciOflWSii*) fc, iiefi&W^Sfc^fiW: 
TV-^y daieD«F#2 0-C^-r) tO¥^<Ii:k^- 
h-^viiic^-K^)J:d5Sr^»tt*« s rtfl!lS 

[0073] -jsr, mt<nmm\mmb nw&z. rr 
1 5imz-&£ti&. mmr-*imjv-*>i sit. 

^AHRIW- £±i2EHJx-*£fifcro^-k 17fc 
a«U ilS^m (EBJr-^ 1 9 ) jWEU^te-fcR 
0 7n^7 AOKEJf t«ff*- & J: 3 t#j«3f #i&jfit4J 

iM«r-^ (ISIiEMx-^ 1 8 ) t-eiltcm 
J£L^i5«x-^ (Wft-T—f 1 9 ) Oil^rtfttW- 

[00743 m.w?-?mt)v-i~y i softiffltjaT 
f-^ mmm?-? i8) kM&zti&Mm?-? 

[0 07 5] ^'T\ iiftT-'-^^iMSx-^iOBf^ 
Bf^bT^ zf 0 XJ± izM o V^fc(0%gkX"$> &tLtzi% 

h. 

[0076] 2 . m.W'r—fmDl'— f-> 1 5 *tc{4. 
BMW S<#x-^k. KBffS^^jMftx-^^-^ 

m^ki&Ltt'T—? iwm) ~ tmkzux^h, mm 

i-f*»6<5ifif- ^ lc±^-^rHagBS:£ lift Lftffl 
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[ 0 0 7 7 ] ££t. mmy : -9imm7 ! -?e>fff%.cr> 

[0 0 7 8] 3. TT\) ^-y3^7o/5Af)3-H 

^HfcLTi3< <I k tzX 0 . mrvfyJicrymmtl^im 
k*&J:3fc:-$-*T«Wt.*llrt-. EW^-^tWErt/ 

-fyi 5t±. ±ten&^'fbSit3t3-H^i— nzmm 

[0079] filL^flf JfctJ: S k . j5^T-^^Bf#-f[: 
*k*4. 

[0080] 4. r^'j^-i's^mw-i* 
±s.m^-(kztifzm*mz3--*fi l zmm l . *<?m 

[0081] JSLh^Sfigtc,}: S k % jKix-;?**iE L< 

«k =5:4 . z<m&<r>T?±xmm&<rmmm\m 

[ 0 0 8 2 ] ST , ^<0§g^J8P8ffi-t'Ji. i-ifffl 
38«3 *ifc"r-* k £A* k LT . igm-r-* tfttW" 

[0 0 8 3] ztuznt. zaftwcomui. j.-*m 

1 8 ) fcJniT, T9*z*+ *r v b 1 3 £A?Jk LT» 
iSlx-* (aElix-* 1 9 ) .Itf>«j£{± 

[0 0 84] 1. 7mf^7M3(i^a-f 
HffflHB 1 6 kT? -<=*Sfgt2IE<0!|t8tfP8 1 4 k 
-^TlfjrSfi* 

2 . JL— 1 6 fc«fe-f tT^-fe^f-^-y h 1 

3&hT? ^xw&brpm mm 1 4 sww-* i k 



3 . mmT-fz&TvT-vA. 1 7 i±x~fh^w?b 1 

6k7^-fe^f^-7 M 3kOiELlVffl-£-£, BD*>. jl 
— ifllWfif m. 1 6 fc»x~ tfWIfffi 1 6 (cafrSVvCtt 
*$*lfcT?-fe:Wr-y h 1 3 Ofi^tfA* 

[00853 J3LLJC i 0 . a.— tiba.— !fH 

■fSi—fHttrflBRl 6kl4SbfctT7 , U^-^a>r 
n^9Atff«U TW^^l 3SrJ--ifllW 
ANSI 6 t rT'J^-y a >7D/7A^C«fflL 

itT9±xmmmnmMmi 4 kcistTfrnu 

IB*** ikiciO. ^frttm^fr^ oik #T*# 5 . 
[ 0 0 8 6 ] ifc. i-fitffii 1 6 * -OOERffif 
«K>ar4fc*)fcU 7?Wt»M3«f«tB 

Tffi^3@^rf»$gk£ESJLTfflV->6£k*>-C#S„ « 

A^$r^.-1fffliA^®ffiak Ub-?>20 «fnc# 
AbT*i £0#&ti, r^-fc^^ yh 

1 3 SrT?-b^S1SI2iEO^mif * 1 4 k±IE^I^i^ 
r«A«M|j&»6H«T* S «fc a £ k ic: J: 0 , o.- 
IfBWflHB 1 6 t8fflC«-jfcSllT;tW7 h 1 
3*fttW-«£k*«rttk4«. 

[0087] 

[Html ojrcj:oftfwwt«j«cov^Tititwtcip 

[0088] a^W^fflSIKOllSSM^^frfc. i<0 
[0 08 9] t-f. i^Xfflfr. IfWPCftlUi 

2 icfcVvcH 1 k»i£ft*«IBft:l4«J&r*»if-fcftU 
[0090] £^)Sat»IW=J3V^Ttt» SEHJx-^^|£ 

7A3 2kLTl^-f-S£k* I T'§l,. rcOfg. o--1f 
^I^M-^^i60HWffifg (i-ifiBrfiffg) O^ft 
SrsrtS^fttc. fidHM3 1(clSttd^ W^^n'- 

-H4k*> aik^nrflgr&s. ic 

A— If 36«IMft» P C h -5 V ««7 — 9 XT— is 3 >-±t'^ 

[0091] IRUx-^lfclSSfi 1 0«Si-if* s *!lffl 
-rSTr'J^r-^ 3 >-7"0^7^3 4^-gPk LTfi&S; 

Sits. m*>. i-if^|gTru^-^3>Tn^5A 
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3 4 £ P Ch&W$V—7Xy-— i» g ^±T®iWS 

t tr ia^^^iiaHx-^^iE^a i o#jgi&$*u 

[0092] jl— ■PH , r-**fiBf* 1 OtfJSb 
£ **UfcflfiETy U r-S' a xrn/9A 3 4 £f9ffl? 

i^3 >-rn^9A(c«JW-4iBafflMMlH| (T?-fe* 
f^»M MMW-*!&Ej8***. W4. ItrlBPC 
$>5 W4 T 7-?x^r-^3 >±fcM V-X ^SfL^B 

iw-* k i: *> j--- mtfiNga* i c * - k 

[0 0 9 3] !EBJ§-f-*£j£gHl 1 (PC*S^li<7 

[0094] 3»gOfSjR, SE^-^^aE^a 1 0 fcJ: 
rrt; 3 yyvif? a 3 4 coz.-o#ie l < *«E L 

[0 0 9 5] jl— »ltllBI&*V«7^«f^ •/ h 

o-##£tro*&*£*:*4» bw4j«sjl*v*. 

[ 0 0 9 6 ] T9 -feXf-Sr >y hfcHfje^WL— WfiKCjIff 

j&MfcLTWfr^*^ *I4D, WB4JSftL«rv*. 
[0 0 9 7] 7^-bW»Hi. 1#5g£>T?-fe 

ttSBKXl OI4£tf)T**X*ra»3WWIf*MKE 

5A3 4fc^£4:fcT^4iPD!^-:J^lttSMl 0# 

[0098] 3r& % E92(cgwc, 35i4^l^— f-f 
■ ^XxA^WltWPTO^g ATSfe 9 . 3 6i4;\- 

[0 0 9 9] 4fc % T7'J^-i'ay7n/?A3 4*« 



T'Hff$iiST7'U'>--x3 yrn^^AcoHfJfiJffllO 
*£TUL tPJ^-^^Jfcggl 1 fcKBf-^afiS* 
■ 1 0b<?>mm&^frV}>&7zfbX%mmb LT^t^ 

aEHHx-^^SISl 1 fcHWr-^tttSffll 

0 k<0il«{4TCP/ 1 P^fc'fiO^v h>7— ;m h3 

[0 100] T7"!;r->'3>'ra^5AAJirffl 

ca-FciUfrr*fci8fc-r*. fEBHT-^^i^iai4 

Ht*PA-r6fcft^Oyb*fflli, o.-if(4MXo-y 
^coi 5 ^fflSUKtc J: 61?§j£f4. «fr*>ATMWK 

re*. 

[0101] i-1flcJ:*T*-fe.*f-r y hCDKf#KIW 

[0103] T^-fe^^-^-y h<03^ttfcl4, iaro- 

[0104] T^-feX^-y >y M4ffr&cST'£ >3 . W*. 
T^-feX^r-y h*9MfS*ufeJt.-if*A (iE?itci4. 

4jaSHIfcjEL<fM6S**ifc3&fTS*. lot, A 
XOSKHftP*'? h U fflWXx— * !f^T^ 
•feX^^r >y f S^iEfc^tcTjhJt: k Lit, £OSfSH# 
3&<T^-feX^ir-y b W^ff^cT-S) h JEM<^J-~ J fC0J-— 

[0105] T^-bX'f-r -y h{4§ 6(=KtlF=fl^tt?t 

^^ix^ff & k (=SU«?)T^-feX^-y h £W6 tfc 

**J:3«^SIIWW-*ii:f43FWC**. 
[0106] jaTTI4, «t 9 AfWSrflMtfc^HTSW 
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[JB-«H«H] 

[0107] zcomifc&v&m-commwTit. t? 
•efts. 

mi ] ( 1 > t = D-e+<u^ ( n) 

[0 108] ntJRSA^ HP*>, +#*#3rZ-OC9 
5^StP, qC7)«T^S (n = pq) . 

[ 0 1 0 9 ] <t> ( n ) lin<0:*>r BP*>, p - 1 

kq-l<0arl)S(*(n) = (p-l) (q- 

1 ) ) . 

[oi i o] jL-*fm%m&eii. ^--^mzmz&m 

[0111] T^-feX-f^v htHMlDU. atn^t 
fcWRS AKHNTCft 9 , 2 S:?ff^-r. 

MK2] (2) gcd (D, <f> (n) ) =1 

££T\ gcd (x, y)i4:3:x, yO&*&g?ife£ 
m?T. 3C (2) fc:J:->T«H3;h.6l!WI±. *3fc»fc 

he **#3e-t-s, ^ fc . 

[«3] 

( 3 ) ED mod <t> (n) =1 

E£T?-feX^-y MMMteP&fc. 
[0 112] oofi, nRVelzm&LX&l§L&m?*> 

jWWM=HRUfirt* (SSSUS:^) «t-3teJBft*. coco 

MK4] (4) w = h (n I e) 

[0 113] -:fr|6];vy^al?af8[i:ti, h (x) = h 
(y) *Sfc*-ffiJWr*x s y&*flrt-*£fca**L< 
BUT'* &b^5 S«£ ioMifcT'* 4 . v 
•xWISeOflli: LT, RSA Data Securit 
y Inc. SMD 2 , MD 4 , MD5, 7^ffl3S#P 
®W?£J:&3£t&SHS (Se cure Hash St 
andard) tf5&htlX\iZ> . 
[0114] JJa^)R^+ttWlfc»t4iV^T. t , 

e, nii^arnitrio. sood. e, <», P , q, 

«WT* . H**HLT § (cJK-tf««fc 

Jfr^WtWwlftftfciSU H4ttH3fc*W4'r-* 

sai oa. r^-fex^v f&MHEimi o i . a 

ists&fegp io2, suciessp 103, sfix-^ieissp 

10 5. tm®l 0 6, #Tt*1 0 7*iJ:t*x5-»S 

^ai lis, ^m^-nmmi 1 1 , *i«**i 

1 2, 7^txf^7 bEttttl 13, gS2SB£g|!l 1 
4, a.— «flB*-flMBKfMH 1 5to£X/m.W*T-?±j8. 



mi 1 6^^t?«*sii'cv^. 
[0115] ^mzmmz^xmrntz . 
i. jl— r^r^-fex-tsit^io-c, mm?-?®, 
mmi oiwimztiz. m*n7-?mmmw.i o« 

[0116] ?4ftftMl 0tf^-—'9'l>PC& 

4 V >{47- 9 ^f- >- g >±-CU)fN--5 TT Vjr-iss 

a«f-jK- K*&v^±?^x*ir«fl^6stfflv^ffl 

KISS 1 0 fcJftfcLT AfcSB*** ~ t [z 

£K>zbiz£<o. w%T-?mmm 1 o jmbms*. 

■6. 

[0117] KWf-^afflBBail 0tf*v hV-?X° 

s U47— ? ^f- >• a y±.commy n ^ a zmm 

A|c3»I*>«RR**fT3 £ t tz i 0 , aRBx-^JfclE 
stSl 0*«@K^iiS. fllxfcf, ^.-^'cOilfiT-o^^ 
■J***9--rtkWBti-t>mzTC P/ 1 P i:D?(fixS#gg 

ny^&tfmit- h &^«lttc p««f«fti^— 

( i n e t d ) i«TC P*a«Wt{C«fcTiEW 
■f-^ttKBIl 0^S»rri»rt:d*nr^i:^-g». ^co 

J: a*irajjria±, -f >*-*>y h^ifco^-y n^-^ 
[0118] iEw-r-^«aaai 1 o ^msm^mw 

10£IC#-K ■ 7>f?-rt«ROM«§ 
•Oft $>tltl y°a 75 A * 3 V *|4E E P R O M 
iutTn^Ak LTffifiSU iEBJx-^fig^Bl 1 

hsu ■ ?4 ^-tjf a-t-s i t tz £ *) , mm 
T-ftmgm i o js^bus^ . 
[oii9] 2. iEBj^-^^iiE^ai o«4, mm? 

—?CbT9 *X*<!r v h^RWlff 1 0 1 fclS«$ 
1 1 +«««7'-^{fiHI»l 1 1 t=»*at»36«, itfDB 

[0120] 0fl7-^«aaes4)(9SJ»B^ff 1 o 2 

0 lfcfi»3ftt^4RSAiSftnfc5V 

SJ8aEttffil0 3(ceilrt«. !E(c. itfD 
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ZWm n<r><?>%> b TR S ABf vcB&^HbLfc b<7) 
[0 121] C<0««:SJ&r^i<OT& SCI 

mmv>mzm%&mb* r ) . vyu4Tf >y?t:m±-r 

[0 12 2] 3. IBfl-f-^^lfigBl l+OSPSliSg 
«51 1 2(2. T^-bXf-^v HEtegPl 1 3fcfEfS£ft 

1 1 1 £»*aa*lfcRSAtaftntf>fckT. *5*H 

?rL*iSfPBR' 

HBE5] (5) R' =C* mod n 

[0 1 233 4. uBW-^ifi^a 1 1 4«^B2 ant 
ski 1 4&. jl— r Bnrflmieit« 1 1 sizmmznx 

[3&6J (6) S = C e mod n 
5. IEBJ!x-?£j£SIBl 1 "f^WHf-^^rtt* 1 1 
6li. SS1*JJ:V«2SW*1 12. 1I4*»6R" £ 

C»7] (7) R=R" S mod n 

[0 1 24] 6. Wfi-r-fZitfgmi UiR2:aEi?J§T 

-ftkimW 1 0 <0^«t- ?tmm 10 5 (cjBiM- 

S. 

[0 1 253 7. ESUf-^UBEKill 0 * OBHESB 1 
0 6Ji. £-f. ^fi-r-^ieffSPl 0 5fc3BS*ifcB"B 
? R t . T ? -fex-f-Jr . y b^i^Eitai 1 0 1 lz& 

[&8 3 (8) R* mod n 

*VCH4SURC ( = r ) fc*ttlW-*ifcfcJ:D» 3^9 
tfj£D&o£ I: 
UK9] 

(9) C mod n = R E mod n 

5t ( 9 ) tfitiULt&Mfeummi o 7 saut-cxm 
[oi26] mzmmMtmi zomicr>m~v>mmm 

•r-*tf> (flJUtMlft) B#*frC*»K iP»r-**lS 
-^^SE^Bl 0(i. T?±A<f"Srv h^MHEUff 1 



0 i . sj&^sbi o 2. sjaieis&i o 3 . sm?- 
nm® 105. sua-ftas 121. bejb*?-*!!* 

& 1 2 2 . fflJ&3&JRB§5*& 12 3. *J i WWf*R3 1 

1 us. *»r-*iM«iJi 1 1 . jbisumvi 1 2. 
r^-fe^f-^y hc«*i 13. m2*emi u.a 

-ma*flM«E«»l 1 5fcJ:tfeWr-*±JS*l 1 

[0127] o«=»fl*:oVvcBffiW-*. 

1. a-wn^tJ^kt^t, BW-^H 

lE^gl 0#jSi&$iT.S. 

[0 1 283 »MT-^«aBf««»a*lfei: L"C. jl 
[0 1 293 2 . iPJ§x-?tfctE§!B 10B. BSEJB-r 

-fct. r?**** y b j^MHEitaii 101 

xsi i«*»<oawi-9*-^SBiian 1 1 is 

[01303 ■raf r -^«aBsa«f <oa»«^«i 0 2 
fcioT. a»r*r^«f-^yhawBiKE«»io 

1 fcfilttSilT H*RS A^R n t S\ VzmiZ* Sid 
fc&ftt . %MBmB l 0 3 tcieHt^-S . WBMM l 2 
Hi. T^-feXf-^>y b^gB«f2t|g|51 0 1 ttltt$tT. 

-^BfKW 1 22t;feigSilT l^f-^C' 2:|X^L 
T. *1 O^tf-ffSrfl^ao 
[&103 (10) C=rSC mod n 

ZZT\ IStEffl^-^C' 1,^-7 KiznLxmi&jZ 

2 2K«tts#ifcttra4. 

[Stl 13(11) C =K K mod n 

[01313 «*&<Jt^ixif. ISiEfflx-^Cti^n 
^ (> t TR S ABf^-SrfflV iff-^ K SrBf^-ft Lfc t <50 
T'S>0. lEHJ-f-^^Bl liiCSrS&ntfO&fcT 
R S ABf^^rfflV ^-Ca-^-TS <! i: l>Z£ Of-^K ^W3E1 

tmiT-?±tf(gm i i <oiH^>a«ii*fcH-<o«»o 

ic.. SUir5:fflv->TMiiEffix-^(c:a^!j*S:#^.. BE 
BJx-^^gl lT&JJI-rx-^Sr^fiEi-S^SLiSc 
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[0 132] 3. !PJ§r-*£f£gai 14><D^1^« 
IK1 1 2i±. T^-feX^-y ME^SCl 1 3fclEtt3fi. 

1 1 lfc«#&£ftfcRSAi£&n£7>£>i:T5ei 2£§| 

[fStl 2] (12) R' =C* mod n 
[0 1 333 4. IHHt-*£jS§S!S 1 1 tp<Dm2-m% 
ffil 1 4i±. JL— 9TOflWiaHt*l 1 5WE»S*IT 

mi 3 J (13) S = C« mod n 

5. k»t— i tpcDmpftf—fgusM 1 1 

6tt, *l*iJ:tfH2afltt|fl 1 2. 114KR' 
itfSSftT. 5£l40tt3r£fT*^R£*§&. 
[»14] (14) R= R' S mod n 
[0 134] 6. HBJf-*£j£gHl HiRS-EBJr 
-ftfiMgrn. 1 0 tf>*»r- *IE1SgC 1 0 5 tSBHM- 

[ o 1 3 5 ] 7 . mm?-?mEgm 1 o omasum 
1 2 3 a. susMSff 1 o 3 * a» L?t 

SiJSC r fc s gftT-^iaifgP 10 6 *»4KW5*-^ R fc 
MR 9 ft U 5*1 5«Jf«tff*3. 
[R153 (15) K' =r-»R mod n 

[0 1 36] ItfSWiK' «, WB7 f -^«KRBi 

0+cr>^fT^S3 1 0te§|S»3*i*#. $m^®3 1 
0«K" =KjWS^*i^^9:iEa*>^fcJ|?fr 

&£otzffijitZix&. 

[0137] jarc ehj!x-*i«£b 1 0 foufi 1 

[0 138] 1. M7C0ntfLm 
»T^g3 1 0+tf0ie^gP3 1 0 afcfftf-^KtE 
*LT*J<. HffgP3 1 0 4><OJt«aB3 lObll, -Itf) 
KfcEWr-^«aail l*»fcSSi£>*iJfcIHB7 , -*R 

K' = K^fifci-t^^-fcll DiES^S^^fTL . fig 

(H8) . 

[0 13 9] lWEt=ffl^*f-^K*» 

«W-5*-^«SBBSil 0. W(c % «fr¥«3 lOi'.a- 
■9V> p c a * v ^liv-^xf-y a y±X-i&fM-S y'u 



[0 140] 2. H9c9«f£ffl 

JJEO;^ IE1ggP3 1 0 a(3B1t3*L 

i/x.tmhzmLxnt>tL&T : -?h <k) t-rs.r t 

— ^I^vS/aBWWHMM*^ IE1S2B3 1 
Oa(dE*S*i4r-^y*»fe, y = h (x) fcjftfc-f 
x fcJUW* i i: L < ESIT-fc 4 . 

[0141] mm3 1 Ott, AA-?-^(C»t— 
>vy^A^fcJiLfciy»»*SBflW3 10c £:fi"f 
5. Jt«gC3 10b(t _klE38&8P3 1 Oc^tfJ^jh 

( K ' ) fc. IEttaJ3 lOateHSftfcf-^ ( = h 

(K) ) fcS-ttlfctS (HI 0) . 

[0142] ZcrtimmZ'li^ tmizm^&?-?Ktf 
7-a^9Atf»*a|Sh.*cfc*ftfif< N afc, fEf§g&3 l 0 
ateIMt$*ifch (K) *»feKtWW-*ii:* ! *U< 

[0143] <r <oflte£-m. 010 «t 3 tro/ 

[0144] L*» Writes JtKg?3 10b li7n/5 
0. mz^ jgff*R3 1 OjefcL-ifoPC*ftv^iy- 

[0145] 3. 01 lemsm 

m3<r>m&mx'it. mm-f-^mmmi oomm3 

Wl2 2fc«Wi. BP*,. KaSS?T«B7-a^A<0 

[oi46] mt^3 1 o(i. iEaaf-^*^s i 

atr. -t4ri3feSlff#R3 1 0{i. 3-PtLT«f- 
^K' HEtt**3-Ke(i*3 1Odi:£0>3--Ffr 

ro^A4ieaRi3at»3-Fai03a»*3 loet. 

ro^5A?-||fi : -t5 3-F||tTgi53 1 0 f kZHLX 
l&&fWBth:Z:& (Ml 2) . 

[0147] ^oflfjfctfyt'ti. rn^^Acoji^t^r 

^3-KO-mu^M^W^SiiTb^^A. * 
ff*»3 1 0**3-~ •FcOPCft^^fiV-^Xx-va 
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[0 148] ggfr#4&3 1 Orfta.-lftOPCifcl.WiV 

[0149] KWr-***»S Kfee&3 

[ 0 1 5 0 ] 3- FHffg|$3 1 0 f \±imm>c P U& 
VOSX'$>&. CPUfcOSfcteta^JLT. §mm<?>7 

[ o 1 5 1 ] a- Hixa^s53 i o e<r>mmt. nfi=* 

S3 1 0+-ca*3tc|gff§iiSrn^7^rj-K-Cfc 
6 . 3- KJKji*S?3 lOelllf- rag£3- Kffi 
«ffi3 1 OdWTKU-Xfcs-KISfra&S 1 Of 

«it««ittftt. 3-HEa*«3 i o 

e tin- Ke«W3 1 0 d*)WBTKl/.X*lifflS3-l* 
H*tSB3 1 0 f tZffiiLXl, WJr«0>OSjWR 

3 I0ell3-KHBI3 1 OdCT^MTVUX^m^k 
U O S *«C P Utt&T«WR-5fc<E*T H UXimm 

TFUMz^mt&yjmx'bJ:^. 

[ 0 1 5 2 ] 3- H8a«ff3 1 0 dfcEW-^*«a* 
a*n*:««T» 7 , d^A'C*63-I<«&*«3 1 
0eiWBtt3*l*fc, 3-HH&**3 1 Oeii 3- 
HfBtiSP3 1 0.d^>TK^(=8efil$nTV^A8frtt- 

3. 3-K|tWf»3 10fC*^L. jtffS-fr*. 
[0153] &Wt\ 3- F8G&*ffi3 lOeli, 3- 
F5Sfr»3 1 0 f (c<r*LT3-HE«»3 1 0 d«IS 

3 - Kftfflffi 3 1 0 f (C**** . 
[0 154] £0>**«T«, !E»T-*jWffiWr-* 
im^Ml ltJ:->TjEL<4jRS*ifc*6Hr, 

3-K*ff»3 1 0 f ^)H»!)lttf#frT»4. 
t> JJHWfcTli. 3-m&A«3 1 0 ecorn^^ 

A3-Hfc§i«*, iPHf-^4*#«i nci->ra 
[oi 55] 4. Hi 3vmam 

»3*>**Wfc:*Hvr. flHHfcLfc3-l*WH-*fc 
[0 1 5 6] Hfr«3"l 0(4. E^-^^gfil 1 



3-KfcfiHH"*. -«r:b-fegff*3 1 Otefli#-fk£*l 
Jtro^5AtKtW*ro^9AiB«B3 1 Oat. 

r«-9^-««-W3 1 Oh J:. flffl-Sfufes-FfcttO 
Hrt-3-l*»lOHJL*310ii:. KOSSSftJlfes-l* 

[0157] 2gfr#R3 1 O^JL-ifcoPC&S^JiV 

[0158] ■t*fc3iifc7 , u*''9.&3- N'**t5tg$#t 
TV^ra^5AE«gP3 10g(t ttM4>aJi£3 

[0 159] 3-b-HtrSf5310f{iftS[lf|<7)CPUS. 

[0160] myjAimms 1 0 s ia s ^v-n-y * 

[0161] fS-^3 1 0 hcOHflcte. m?T^&3 1 0 
#tMfc|gff£ixSra^A3-H-C$>a. ffi#§S 
3 1 0 hli. Hgf ■ Tn^9AIE1ta53 1 0 g 

WHU-X£. 3-K|l^g&3 10f tfg^SvIfctf 

[0 162] K' j&£5.*6*lfc«JIIT. ro^At* 
l.m^3 1 0hjWB»3<i*fc, «^"SP3 1 Ohli. 
Tn^AfBtgg&S 1 OgfcKttltfrCV** 

r h* vxizmz tm~£ -5.3- k^tSs 3 i o f 
*?t$ i^>i®afc:j:o,'ro^9Aseit»3 

1 0«fcE«SftTV»fc*^r-*fc*fU K* »ft 

■fut lt . ws^-f-r;P3- 1; xa -&nfi Ltitm 

[0163] &l-v-c\ m-tgP3 1 0 hli, 3- HHff» 

3 1 of ic*^i,ra-9Ufc7 , D^9A3-i<*«aj 

1 of (z^^rs. 

[0164] i««BSW«±» EIBt — 9 IffiEfflrf — ^ 

«^-*fc«xo«-JHii:=flr*. ffi^P3 10h(l 1(0 
t»KB»fl^n^9A3-H*«-f- 
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-f£J:?3-Fli?T353 lOffc^ti. ± 
fefltj£T'(4. a^-S53 1 0h<7)rn^5^3-Kt§l^ 

fc'SrS (014) . 

[0165] ii©fffi^»t4«=^safc«r«±» 

mi 6] 

(16) t = D + F ( n, e ) 

[0 1 6 63 n(4RSA£8c. «Jfe. +Ml^r^ 

(18) ED mod 

[0170] Z£9M»RF ( x , y ) <4NlKttft<IF&L 

*. 

tftl 93 

(19) F (x, y ) =h (x | y ) 

01 6(401 5fc*$ft£r— ^7n- Sr^LT 
H*. 01 5ttJ^T. SB»7*-*£jSiaH 114. S 

«r-^e«»i 1 1, siauNBi 1 2. r^-bxf- 

hBEmi 1 3. m2ffiMMl 1 4 . jl-ITHWW 
^IE1ta51 1 5, mm7-?£jmi l 635«ktffiffc± 
JSWl 3 0fc-frX,T«!RS*lTl**. mBf-^«IBE 

S 1 0 {4^-<7)SISSM (03) (05) 
Wlfj££S»rs<r ^^T'{4IJiBJSri^03fi 

[01713 ^izzvmmz&vhmm^^Twm 
i. .a.~»ra«T? ^ i {3 j; -d t . mmf-^m 

EKBl0jMBft3*i&. 

[0 1 723 WF-^WfiSai 0<7)H3S^fc L 

v—rt-rvr?*. **^4. i ca-n • u-^ ■ 9 

(4. »-*Jj:l«(S-tf5llltW<Z)«#fcS6b6*v\ 
[0 1 733 2. SPHf-^ttKBSi 1 014. ^Hffi-r 
C fc T?-fex** „ h^DMHBtiaK 1 0 1 (zEtt $ 
fit V » 4 R S A Bfr^OffiS n WHfcEWF- *£lSSS 

ai 1 «f>«o*»r-*!aMn 1 iic#sat». 

[01 743 CWi^^i: LTJ4. *-0>WiWT3* 



*ftp. qOH?&& (n = pq) . 

[01 673 i--ra*tP8e (4^-^£Ji3r!,i5rC' 

[0 1 683 <t> (n) I4n^)5!->f fiD*=>. p-1 

h<\-\<rmx*>h {<t> (n) = (p-1 ) ( q- 
1) ) . 

[0 1 693 T 9 hWm&\$^ iSRnAb 
fcT«)RSAiHWrca9. *1 7 
[8173 

(17) gcd (D. 0 ( n) ) =1 

;;t, gcd (x, y)(4Z3fcx. y<7>m±'&mLZ 
**\ 5«(17) (Cj:-aT«K«*L4tWI4. *1 8£ 

[&183 

* (n) = 1 

mx$>h<n>x\ c\c\x'\±mmg.Ltc\^» weivwi* 
fi-r-^isigaji 1 1 e« a* at* t*> 

[0 1 753 3 . BWr-*£jaa«l 1 ^^lfif 
«1 1 2(4. T^-fer^f-y-y hEttffil 1 3 £12^$ ft 
TV^r^-lrX^.y ht£]R#U 5e®r-*K«» 

1 llfc»&&**lfcRSAfflftn*rt>4:T*20*!5 

firU^fffgR' 

[S203 (20) R' =C mod n 

[0 1 763 4. EBj§T-*£j£l£B 1 1 ^cofSf^fefc^. 

an 3 0(4. i-ifia*m«iai*i 1 skie^^t 

[SC2 13(21) F ( n, e ) 

[0 1 773 5 . SEHJiT-^^SIIS l l ^com2?IS: 
351 14(4. WBOEimi 3 0X'£j8.2tltz7-?&m 
V»T. 5«2 2aft*£liffLI£jMINRSfrft&. 

[&22) (22) s = C r < n .«) mod n 
6. fPjT-'-^itDS^Sl l+OKBf-^^JS*! 1 
6(4. *lfcJ:tft$2fllWttl 1 2. H4*»feR'*J 
itfSSr^T. «2 30>W*£fr*^Rfc»*. 

[&233 (23) R=R' S" 1 mod n 
fc/fU S-i(4&nc0ti:Tc7)S<0^. fiDt>. ^24 

[SC243 (24) S ■ S-i mod n=l 

[017837. mm : f-?£j&.mm. 1 1 *4r*bw5* 
: i o pygmf—Pim® 105 vzmtr 



[oi 793 8. mmT-timmwi ox-a. ww? 

[01803 c#S&-c9|gffiMo:^(cg^vt£&$ 
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[0181] ctfm-<r>$mw<vumtz&^x4u&.z 
[oi82] mmnmfamTit. m-nmm^mmm 

liV—f^T'—i' 3 >lZ%£M<$tl& I C# — K, $>&^ 
l±PC*-H (PCMC I A#-K) %b'<7>®&*m% 

[oi83] &-7bmM=<7)mmmcr>mw-T- ?±fm 
mmzn^x. j-~m%fim e (4 wmmx$> *) . 

*\&i,zm&L%^J:o&%ZU>b%iltitf%t>%\\ £ 

OS 1 1 4 Ottff&fSgS *».* k STBWflHB e 

«H*)SBtWfc*rt**HRF (x, 
y) a9ttKttgtffliff3ft&itefcR1R?'&*. hp*>. 

mzfe® us. ]R2 aom 1 1 4B.xflm&jm 1 3 

0 arttfdW** £ k £K&iL WU* * 

gill <0-»*^- K^x rk LT«J«^-4 k#2&T 
[0 1 84] dcoio&A-K^xTk LT. IC*- 
fcrttiif . Kfcx— !ftf>fflStt**ft * - k tfX* h . 

4. tot, ^-iriBe-flBHE«»l 15k. 

r^-b^^-y bEtt»i 1 3k, m2mnMi u 

k. ftm&S&Bl 3 0k£ I C^-H • Pca-F+te 

asst. EE^^r— 9>&mm.om r> <rMto&3-—vim 

o/5Ai LT«^S £ k te**Ui\ fEBJ^-^^)S 
£B1 lco3*>#J--iftcH*=5rg|5^{i. -efi-TiiOi 
— WMWergWr IC*-K-P c#- H k LTH3I$ 

4Ckk&4. d«J:d5SraiJRIcJ:-aT, fcVXi— -TT 

5s*-yK£9t*ttZ\rc* KPC*4V»I47-^^tP— 
S' a y S: g#ffltf>IE0J!-f-*£j£i£Hk LTf Iffl-f 4 £ 
k^flgk&S. 

[0 18 5] 8T, rtaWtU-tsttttSWtr-^ 

k LT(4, W;t(4\ #1*181 8 6 3 9 5 3-f-. #1*3111 



8 6 04 6 3-f-. «WT3-10 07 5 3#4MBa»«Jai 
£>*1TV^4. 

[0186] ttftflll 86395 3#t£4J^T«. tifSB 
4. 

[0187] mmi 86046 3#&&fcvCfci. flHV 
£Wl^MH£*tMlll*^-r& k k t> lzm-ft®8& 
^*^&£&*n0S&S-m<t6.rkT\ m-7-l9HMRW^> 
ftAtf* o fc^fcii«ax*/i^--0>aa&£tMai Lie 
«flWKB«*-4. 

[0188] 1HPF3 - 1 0 0 7 5 3 I vc 

[0 189] ;ii^i?yn-A-K>>xr£. IC 
*-WC*-F (PCMC I A#-K) Oj:33r8i 
«^T«l=5r«^Sk LT^-TS i k tc«fc 0 . jl— Ttc 
*Tf 4 JS=5r S ffjffi^««-r S £ k #T'S 4 . 

[0190] I C^-K(Z9SK$tL«7-f 

»»flQm>£fc: % -t*ig«rc«S« 

[ 0 1 9 1 ] mi 714, S-*5«k^-<OHSSW;i3V^ 
■C. i-1fiai^e*fi^*i-lfBB*flHBai# 

s 1 1 5 1 . mzMM.^ 1 1 4 1 

IC^-W^M^^-A-F^xTieO 

[ 0 1 9 2 ] 01 8(4. SeoRJtWtefcV^T. i-1f 
SW-fPSe »fij^ia^ltmS 115k. 

^Mf^^^-r-&^2^«gsi i4tjni.T. 

SSS13 0W^'!-A-lf?x716 lt^XSfL 

[0193] IC^-KflBl/F»14 1l4 N ^Xbk 
I C$- b'eMmZ TQS I C^- HBW x-X 

i4. r<7)PCftSV>(47-^^7 i -^HyJiT'»f^ 

xr 1 6 1 *<7)&^mnttmtem-n-mm=nmmmtz 

"C»4*V^. 019(4, Bll7&J:tlHll8(c&lt*'?*— 

[0194] ore mmz^xmmth . 

1. jl— W^««il:tJ:-jT, EHJ3t-*& 
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[0195] 2 . &w-T-?mmw i ot±. mmm? 
hx v r s ABt -i-wffiB: n t nmzmwf- ?±f$& 

SI 1 ^Ogfl^-^IEftSn 1 UZWZikts. 
[0 1 9 6] 3. aE^-^^fi^Ml 1 MB 
<f>*-7i-.**14 0H Sfrf-^iElt&l 1 1 
K^&tftfclXHfflT-^Cknfc, IC#-FfflH 

i c vm<v7-*mm& m& . 

[0 19 7] 4. r^-fe^^r-yh^g|514 2Ji. R 
SA&tfcnfctfcfg^-kUT. 7;-feXft7 MBit 
SRI 1 StcaMSjhX^fcT?***-*--* htfcfcSR- 
[0198] 5 . miosis 1 1 2«, wi7*-*Ktt 

fflll 1 lfc#Sa**lfcRSAiaRn^)fck-T3«2 52: 

mrL^mmR' 

[»25] (25) R' =C* mod n 

[0 19 9] 6. iKlrYC, ^h*-fy^-7i-X|l 

14 011 I C^-HW V^-7x-X»l 4 1 13 

[0 2 0 0] T9MA+irv Hfttf I C#— K**>*R 

!KMIMBSI4rt2 6tJ:-j-c»t»S*it*T* 

S. 

HR2 6] (26) S = C« mod n 

[020 1] T?-feXf-$ry h2ftmCjfr-F**)#a 

[I&27] (27) s = CFt».eJ mod n 
7. EBJiT-^JiKilSl 1 +<0aEHB7 f -^^^ 1 1 
6(2. m&J:tftB2;iRJtffil 12. fc 

£{±5$2 8 % mH«HJftW^BDLTV^S^-^ii^2 9 
«IH»£fr4^Rfc»*. 

[IS28] (28) R = R' S mod n 

[»29] (29) R = R" S-i mod n 

[0 2 0 2] 8. EW7*-*±JSi8Il UiRZUWT 

-^msmm. 1 o n&m^—nmu 105 tzms-t 

[0 2 0 3] JJW>flsfflfc*iVvc, tfinflMR' ki£# 
flHlS«)StJWi N •fWPC&SlMiy-^X-r-i' 
a Mlfc, 9tJMHB*ffiR-*-& I C*-F 

* R £ WJW h * TtfMlfWIBSJBMW* £ i: W » . 

[0204] zommwte^ Tf-tx+trvhxaa 
1 1 3fcUi«flRor^-bxf-*-y hmmzti&tf. r 



[0205] rru ^-^ a m-^j^rn 
^«M«Mtft(cwmf-4RSAtHKn«. rry*-^ 

[0 20 6] T9 M*SRV14 2tt. 

-fmsmwi o*»^#i6fL«RSAiafcnt^-fc 
[0207] i&Knmmm a vmrnzn it*»ffi*> 

S»tWT*l »H^Wtt^fflv^RSA^BIMMW<0 

-ft*) 1 ?**. Poh 1 i g-He 1 lman#^ff|it? 

[0208] Pohl ig-He 1 lma n#*tfjtfp| 
**1 fflfcfcLT*S*SI«pSrfflv^*jirr, mkbL 
-C2mm$L<7)mn ( = pq) tffl^«RSAjMHn 
*fcJWr**Nl RSA^UBf^tH-OBg^^T 
ftS. L*»U RSA4MMW*TI1 -#*>«Efc8c 

stn^4>. t> d-^-oaD sit*-*-* £ ttwmtzmm. 

^tLtfflv^ia-Hlltfco^. Poh 
1 i g-He 1 lmanfl^itHi-Wt-Ttl Efcp 

3«Hlfc>16WfcLT 9. DES (Dat 

a Encryption Standard) Wii 

[0209] Z.<rmmX'\t. T94zA+* >yht iiiK 

HR3 0] 

(30) t = D + F (p, e ) 

[0210] Pi4-Hh**=a«»rr»*. 

[0211] i-^fH«flHBel4JL-Hfffc»Sr*l!rr 

[0212] T^-feXf-ir-y F*g^|D«i s SttpfiOt 
bT<0P o h 1 i g-He 1 1 m a nVm<7)&cr>—JrC 

[»31] 

(31) gcd (D. p-1) =1 
Z^X\ gcd (x, y)i±-gfcx. y<mi&m& 

[0 21 3] ^3 l(Cj:-5T^S$naffi«{2. ^3 2 

[SC3 2] 
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(32) ED mod 

[0214] zs&mm.F ( x. y ) nmummmL 

i»it h zmm LX . 3 3 «fc 5 fc:5£tf>S i h jFTS 

a. 

[»3 3 3 

(33) F (x, y ) =h (x | y) 

ort, S2 ofc«tt^2 1 i^mLxms.crmmmiz 
o^t $ &&i$ni&i!»i-*-& .E2o tems.<?mkM<o 

?»££jRU m2 lfiEI2 0ti5tt&T-?O:7n-£ 
^tT^S. 02O£:fcVvC. |EB87 r -^^a^g2 0 

jrattau o i , ss&aaBA o 2 s fijuKttau 

0 3 , Wtr-^EiMM 0 5 , aj&ffcflM 2 1 . flfi 

ffl*T-^iEiiSP4 2 2 . 3Lmmkim4 2 333 xv 

-*£j£gB4 »?-*e«»4 1 1 , mimn 
gP4i 2. T?±xi"!r>yhm&®4 1 3. m2mnm 
4i4, j--ifia«-ffl^ieiiaJ4 1 5 . mm'r-f&fs. 

gU4 1 6 . &J:tf£ISc±Jj)cSS4 3 0 £*,CT«JSS*VC 

[0 2 1 53 M^ov^TfiBB-rs. 

1. J-~WT7*X-tZ>Zkl,z£->T:. WW?-?®. 

[021632. m.w7-?tm&&4 o{±. mmm? 
-?c tmi^4 o i fcieiis*vcn&s3Scp tarn 
zmw7-?^mm4i#(7)%m"r-?3zmm4 1 1 

[0 2 1 73 .lOHSfeflajTfcL CO^jS^fc LXit. 

[02 183 SEBj7 f -^^iEga4'4 0 CD3USt?g±gB4 
0 2tJ;-?T. !§L&r£fflIfi<ggi54 0 ltefiy$3ftT^ 
&^pfc5tHcf^&£>iofc£l£U flJKEIIflU 

o 3 taw* . SLfMtas4 2 1 a. ina^4 oit 

-r-^E1fgl54 2 2fcfeii§^TV^-r-^C' £JRf§ 
LX. ^3 4<WJt*ff«r5. 
[&343 (34) C^ec' mod p 

iit, !SliEfflS7 ^ -^C• j*r-*iuc*tLTisi«5$ 

[15:3 53 (3 5 ) C =K B mod p 

[0219] 3. mmT-?£mm4 i*comimn 

£P4 1 2l£. T^-«rX^«y MB1SSP4 1 3^12113*1 

4 1 lfc»#&£ftfcRSAffi8[p<7)kk-C3£3 6£0l 

[&363 (36) R' =C* mod p 

(4 5) m i n {x>0 I a*=l 



P-1 = 1 

[02203 4. WJ\T-?£&m.4 1 *<0*glfc£j£ 
S54 3 0{i, a-fl«» 1 5fcE*3*i.T 
V^i— f<0EHrti8Be£Btf§U ^ 3 7 OH-KSrll^f 

[S37] (37) F (p, e) 

[022 1 3 5 . tM^-^iMlfi 1 1 +*)»2»* 
8B4 1 4i±, f£!££fi!tg|54 3 0tfi«§iltf-^^ 
WC. 5$3 8^ft#£ltfTLII4HPBS£#3. 

[St383 (38) s=C^f-«) mod p 
6. IHB?-*£jia6M4 1 4«OlEW7 f --*£tf»4 1 
6ii. £SliSj:tfgi2$£gg|54 1 2. 4 14KR' iJ 

[&39] (39) R=R' S-i mod p 
fcrtfU S-MiapfiOtfcT^S^jS^C. gp-fe. S4 0 

[&4 0 3 (4 0) SS"' 1 mod p = 1 
[02223 7 . iEB87 !r -^^Sa4 1 ttRtiPfl-f 

-?&IE§IS4 0 <0»tr-*E*«4 0 5 

6. 

[02233 8. |EBjT-^«lSEgS 1 0 4>*>fljkaHl 
Bfc*SP4 2 3li s aJcEitSP4 0 3+*»4>5fcte£lSL:fc 
a»r*»9ifiU 3*4 1 cDff-JISrfT&o . 

H&4 1] (41) K* =r-iR mod P 
Ht8iT-*£jftSIB4 lt*JV^Tffllf^fe*l*T^-fe^ 
^ y h 1 1 r^-c0H#«f8e <7)ffl^-^*iE t V ^ 

[02243 C^%HgcOlg^<0||S£fi?!|-C'«is ^HOUSS 
W;fc(t^RSA^ilBrf-<Ofti3 0t. E 1 Gam a 

[02253 Zaftmz&V&m^CDmMMX'lZ. T7 
•feX^^r-y h t(i<^£7)^4 2tZ&^Xik&Ztl&7 i ~ 
?Xh&. 

[SC4 2 3 

(42) t = X+F (p, e ) 

[02263 Piz+#±*%mmx'$>& . 

[02273 JL-mffftflHBe fcfca.-iffcfcWSrftarC 

[0 2 28 3 T^-fe^f-^yMBWiX»4. 2Hftp£>i» 
fcT<^E 1 Gama 1 tt^OiNMCTft 9 * Y^^JSE-T 



[&433 (43) 



Y — a 1 mod 



3t4 4mf4 5*mfr~t. 

[St4 4 3 (4 4) a * 0 

[»4 5 3 
mod p> = p — 1 
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[0229] Z&mmF (x, y){±M&ffitf®^L 
ilSth *f tjffl LX . 3$ 4 6 O J: 5 (C£K>& i t 
Ctfe4 6 3 

(46) F(x, y ) =h ( x I y) 

ojfte N B2 2fe«ktra2 3fc#liLTJIiA«S«»«* 
§ <o (cR»*-& .022 fcHtAsOSatMaWftfr 5* L . 
02 3l4»A«>IOJ5«fc^Jt4f , -^«)7a-fe*tT 

?^f^7 h^MiyHisse5 o i . fljk£±tf 5 o 

2. %LmttMB5 0 3. WS^-^Eiitf 5 0 5. SJK 

fl*52i. igiifflS7 r -^iei§si55 2 2. ajgts&m 

*355 2 3i5it/Htr¥a3 1 Ofc*X,"CHMUJ*VCV* 
*. IEBJ!T-*£j£aS5 lii. S«T-^ia^S?5 1 
1, miStffgP5 12. r^txfirv MBtttf5 1 

3. m2®M.ns i4. A-imFflmeitff 5 1 5. 

SH8? r -*£jR» 5 16. #«fct/»£j£S!5 305:# 

[0230] oyfclMPfcO V^TRWT s . 

1. a-W^-feXtSCttioT, Wr-*& 

sssasotfBn&rt*. 

.[02311 2. W%T t -?mE£iS.5 0{±. fgHffix 
-*<0fflu. Cfc. T***f-*-vMfclMHB«|I5 0 
1 fciE«S*i.r v^iSRp i: Sr. IBH'-*4jSS«5 

1 +s*»7*-5'Eii»5 1 1 tcssst*. 

[0232] BKffl*r-?E1ltt5 2 2£li. fgfEffl 

[0 2 3 3] uli, ±Kafttfep<0<)fcT5^«^JRa 

H&4 7] (4 7) u = a» mod p 

[0 2 34] C ii. T?-fcX^>--y^lSI«Y£. £ 

[iS:48] (48) C = Y*K mod P 
[0235] iXSEJBx-^cti. ifccoJ: 5 KifltSfi 
5. 

[0236] K9B'-*lttSi*5 0{i. fLSIS±&5 
0 2t«t-?T. ajfcrfer^-b^*-y h4aWME«» 
5 0 ltfla*S*iT^«jaftpfc2v»t*fc:*4J:3fc: 

l . aj&Gttffi 5 o 3 1: iBH-r * . 
[02373 »^ nmtm 52111 igaEMs-r- 

?IE1g&5 2 2^;:fE1g£ftT^>£7 ^ -?C , £JDtf§L 
[&4 9] (49) C = rC mod p 

[02383 3. aeiBT-^4iraeai5 i*v>mim& 

S55 1 2(2. T^-feXf-^-y bBBHtf 5 1 3(=IE1I3*1 



51 ite»*a4nfciSRp««.fcT3«5o*s(tffL+ 

[&50] (50) S = u* mod p 

[ o 2 3 9 ] 4 . mn^r—r'&mm.s 1 *<a*g»&ji£ 

SB 5 3 014. i-lTH*fllME«»5 1 5(cE*S*iT 

V^i-fOifffleJlRiL, ^5 lOffffSrH^T 

[&5 1] 

(51) F (p, e) 
[0240] 5 . tPKT-^^iJfcilBS 1 *<7>m2m% 

S55 1 4i±. mmiS8.&5 3 OT'dfefiSSfc-fcx-^ffl 
V>T. ^5 2^ft3££|g?TLil#tif$8S* 
[R523 

(52) S* = u F <*- e > mod p 
[0241] 6 . SEBJt-^^^S5 1 <£C0mWT~ 

?£j&M5 1 6i±. mi&*xm2WXM5 12.51 

[R53J 

(5 3) R = S" 1 S' C mo d p 
fctfU S-Hmpcr)i>kT<DS<vm$L, Wfc, 5^5 4 

H&54] (54) SS-i mod p = 1 
[0242] 7 . HBJt-?£J£^B5 1 liRMPBf* 

-*tfctE§IB5 0^gfi^-^E«»5 0 5 tjgSt?- 

6. 

[ o 2 4 3 ] 8 . rai7-?aiEKs i o ^nmam 

Bfc*gP5 2 3l±. SUafEUgBS 0 3+*»65fet*l«Lfc 
SL& r £JR 0 ffi U SC 5 5 OfWftfiSr 3 . 
[&55] (55) K' =r iR mod p 

Bji-r-?£j£gBi lco^^^firrs^ss-ffi^r^ 

^ H = RC-i mod p*ffOT£. «flti«& 

SffiS^lgfEffl^x-^ (u. C) K#U Hlffl^ab^ 

5tR=HC mod ptta!-3riEBj7 f — ^R$r^ 
t . IPJx-^^aSIB 1 0 izm-tX o iz-ttiiXZW 

zoxmizttM-fzumtLx. mmmmf-^u^ 

5 2 2(C|2iEfflmx-^^fflu, C $r^=6rifc^{tlS 
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English translation of [JP,10-247905,A] 

(Publication of Application Nos. 08-62076 and 09-000418) 

[Claim(s)] 

[Claim l] In the access rating authentication equipment which attests the 
above-mentioned user's access rating by verifying the justification of the certification 
data generated in order to prove a user's access rating The 1st storage means which 
memorizes the data for authentication, and the 2nd storage means which memorizes a 
user's proper information, The 3rd storage means which memorizes the auxiliary 
information for certification which it is as a result of activation that predetermined 
count was performed, to the above-mentioned user's proper information, and the 
description information on access rating authentication, The data for authentication 
currently held at the storage means of the above 1st, and the above-mentioned user's 
proper information memorized by the storage means of the above 2nd, A certification 
data generation means to perform predetermined count to the above-mentioned 
auxiliary information for certification memorized by the storage means of the above 3rd, 
and to generate certification data, Access rating authentication equipment 
characterized by having a certification data verification means to verify that the 
certification data generated by the above-mentioned certification data generation 
means are generated based on the description information on the above-mentioned 
access rating authentication. 

[Claim 2] Access rating authentication equipment according to claim 1 with which the 
storage means of the above 2nd and the above-mentioned certification data generation 
means are characterized by being held in a defense means to close observing internal 
data and an internal processing procedure from the outside if at least. 
[Claim 3] Access rating authentication equipment according to claim 1 characterized by 
constituting the storage means of the above 2nd, and the above-mentioned certification 
data generation means as a portable small arithmetic unit of an IC card etc. at least. 
[Claim 4] The above-mentioned certification data generation means consists of the 1st 
operation means and the 2nd operation means. The 1st operation means Predetermined 
count is performed to a user's proper information memorized by the storage means of 
the above 2nd, and the auxiliary information for certification memorized by the storage 
means of the above 3rd. The description information on the above-mentioned access 
rating authentication is computed as the result. The 2nd operation means Access rating 
authentication equipment according to claim 1 to 3 characterized by performing 
predetermined count to the data for authentication memorized by the storage means of 



the above 1st, and the description information on the access rating authentication 
computed by the 1st operation means, and generating the above-mentioned certification 
data as the result. 

[Claim 5] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. The 3rd 
operation means Predetermined count is performed to the data for authentication 
memorized by the storage means of the above 1st, and the auxiliary information for 
certification memorized by the storage means of the above 3rd. The 4th operation means 
The count result perform predetermined count to the data for authentication memorized 
by the storage means of the above 1st, and a user's proper information memorized by 
the 2nd storage means, and according [ the 5th operation means ] to the operation 
means of the above 3rd, Access rating authentication equipment according to claim 1 to 
3 characterized by performing predetermined count to the count result by the operation 
means of the above 4th, and generating the above-mentioned certification data as the 
result. 

[Claim 6] Access rating authentication equipment according to claim 5 with which the 
storage means of the above 2nd and the operation means of the above 4th are 
characterized by being held in a defense means to close observing internal data and an 
internal processing procedure from the outside if at least. 

[Claim 7] Access rating authentication equipment according to claim 5 characterized by 
constituting the storage means of the above 2nd, and the operation means of the above 
4th as a portable small arithmetic unit of an IC card etc. at least. 

[Claim 8] It is access rating authentication equipment according to claim 1 to 7 the 
description information on the above-mentioned access rating authentication is a 
decode key in a code function, and the above-mentioned data for authentication 
encipher suitable data using the encryption key corresponding to said decode key, and 
carry out that the above-mentioned certification data-verification means verifies that 
the above-mentioned certification data which the above-mentioned certification data 
generation means generates decode the data for authentication correctly as the 
description. 

[Claim 9] Access rating authentication equipment according to claim 1 to 7 
characterized by verifying that the above-mentioned certification data which the 
description information on the above-mentioned access rating authentication is an 
encryption key in a code function, and the above-mentioned certification data 
generation means generates encipher the above-mentioned data for authentication 
correctly using said encryption key. 



[Claim 10] Access rating authentication equipment according to claim 1 to 7 
characterized by verifying that the above-mentioned certification data which the 
description information on the above-mentioned access rating authentication is a 
signature key in a digital signature function, and the above-mentioned certification 
data generation means generates are the digital signature correctly generated to the 
above-mentioned data for authentication using said signature key. 

[Claim 11] Access rating authentication equipment of a key according to claim 8 or 9 
with which an encryption function is an unsymmetrical key code function, and the 
description information on access rating authentication comes out on the other hand, 
and it is characterized by a certain thing. 

[Claim 12] Access rating authentication equipment according to claim 11 characterized 
by for an encryption function being a public-key-encryption function, and the 
description information on access rating authentication being a private key. 
[Claim 13] Access rating authentication equipment according to claim 8 or 9 
characterized by for an encryption function being a symmetry key code function, and the 
description information on access rating authentication being a common private key. 
[Claim 14] The storage means of the above 1st, the storage means of the above 2nd, and 
the storage means of the above 3rd, The certification data generation equipment which 
consists of above-mentioned certification data generation means, and the 4th storage 
means which memorizes the data for authentication in addition to the above-mentioned 
certification data verification means, In the access rating authentication equipment 
with which certification data verification equipment equipped with the 5th storage 
means which memorizes certification data attests a user's access rating by 
communicating mutually Certification data verification equipment writes out the data 
for authentication memorized by the 4th storage means to the 1st storage means of 
certification data generation equipment. Certification data generation equipment The 
certification data generated based on the above-mentioned data for authentication 
written in the 1st storage means by the certification data generation means It is access 
rating authentication equipment according to claim 1 to 13 which writes out to the 5th 
storage means in certification data verification equipment, and carries out the 
description of certification data verification equipment attesting a user's access rating 
using the above-mentioned certification data written in the 5th storage means. 
[Claim 15] The description information on the above-mentioned access rating 
authentication is the encryption key of an encryption function, and certification data 
verification equipment is equipped with a random-number generation means. A 
random-number generation means is written in the 4th storage means by using the 



generated random number as the data for authentication. A certification data 
verification means Access rating authentication equipment according to claim 14 
characterized by verifying enciphering the data for authentication whose certification 
data written in the 5th storage means by certification data generation equipment are 
said random number with the encryption key which is the description information on 
access rating authentication. 

[Claim 16] The description information on access rating authentication is the decode 
key of an encryption function. Certification data verification equipment A 
random-number generation means, While it has the 6th storage means which 
memorizes the generated random number, and the 7th storage means which memorizes 
the ** data for authentication and a random-number generation means writes the 
generated random number in the 6th storage means After giving the random- number 
effectiveness which used said random number for the ** data for authentication 
memorized by the 7th storage means, it writes in the 4th storage means as data for 
authentication. A certification data verification means The result of having removed the 
random-number effectiveness by the random number memorized by the 6th storage 
means from the certification data in which it was written by the 5th storage means with 
the above-mentioned certification data generation equipment Access rating 
authentication equipment according to claim 14 characterized by verifying decoding the 
** data for authentication memorized by the 7th storage means with the decode key 
which is the description information on access rating authentication. 
[Claim 17] The description information on the above-mentioned access rating 
authentication is the signature key of a digital signature function. Certification data 
verification equipment is equipped with a random-number generation means, and a 
random-number generation means is written in the 4th storage means by using the 
generated random number as the data for authentication. A certification data 
verification means Access rating authentication equipment according to claim 14 
characterized by verifying that the certification data written in the 5th storage means 
by certification data generation equipment are a digital signature with the signature 
key it is [ key ] the description information on access rating authentication to the data 
for authentication which are said random number. 

[Claim 18] An encryption function is the RSA public key encryption under Law n, the 
description information on access rating authentication is a private key D, and the 
public key corresponding to a private key D is E. A certification data verification means 
The certification data R written in the 5th storage means E the data C for 
authentication remembered to be the squared result by the 4th storage means Access 



rating authentication equipment according to claim 15 characterized by verifying a 
congruent thing (RE mod n = C mod n) by the basis which is Law n. 
[Claim 19] An encryption function is the RSA public key encryption under Law n, and 
the description information on access rating authentication is a private key D. It is 
squared several K 1 (=KE mod n) E under n. the ** data for authentication which the 
public key corresponding to a private key D is E, and are memorized by the storage 
means of the above 7th - Data K - law - the random number r which generated the 
above-mentioned random-number generation means " law - with the number squared 
E under n It writes in said 4th storage means by using as the data for authentication 
several C (=rEK ! mod n) by which it multiplied under n. said K 1 - law - a certification 
data verification means the law of the random number r memorized by the 6th storage 
means — with the number which multiplied the certification data R in which it was 
written by the 5th storage means with certification data generation equipment by the 
inverse number under n Access rating authentication equipment according to claim 16 
characterized by verifying that said K is congruent under Law n (K mod n=r-lR mod n). 
[Claim 20] An encryption function is the RSA public key encryption under Law n, and 
the description information on access rating authentication is a private key D. The 
auxiliary information t for certification which the public key corresponding to a private 
key D is E, and is memorized by the storage means of the above 3rd A user's proper 
information e memorized by the storage means of the above 2nd is subtracted from said 
D. It is data (t=D-e+omegaphi (n)) which add a product with Euler number [ of the 
un-colliding nature function values omega (=G (n, e)) and n ] phi (n) depending on said n 
and e, and are obtained. The above-mentioned certification data generation means 
Furthermore, said t, the law from the data C for authentication written in said e and 
the 1st storage means - the access rating authentication equipment according to claim 
18 or 19 characterized by generating said certification data by calculating the Dth 
power (CD mod n) of C under n. 

[Claim 21] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. The 3rd 
operation means Said t-th power (Ct mod n) of said C is calculated under the describing 
[ above ] method n. The 4th operation means Said e-th power (Ce mod n) of said C is 
calculated under the describing [ above ] method n. The 5th operation means Access 
rating authentication equipment according to claim 20 characterized by generating the 
certification data R (=CtCe mod n) by multiplying by the count result of the 1st and 2nd 
operation means under the describing [ above ] method n. 

[Claim 22] Access rating authentication equipment according to claim 21 characterized 



by building in said 2nd storage means and said 4th operation means in a defense means 
to defend an internal processing procedure and data from external observation. 
[Claim 23] An encryption function is the RSA public key encryption under Law n, and 
the description information on access rating authentication is a private key D. The 
auxiliary information t for certification which the public key corresponding to a private 
key D is E, and is memorized by the storage means of the above 3rd It is data (t=D+F (n, 
e)) which add the un-colliding nature function value F depending on proper information 
e and said law n of the user memorized by the storage means of the above 2nd (n, e) to 
said D, and are obtained. The above-mentioned certification data generation means 
Said t, the law from the data C for authentication written in said e and said 1st storage 
means - the access rating authentication equipment according to claim 18 or 19 
characterized by generating said certification data by calculating the Dth power (CD 
mod n) of C under n. 

[Claim 24] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. The 3rd 
operation means Said t-th power (Ct mod n) of said C is calculated under the describing 
[ above ] method n. The 4th operation means Said F (n, e) ** (CF(n, e) mod n) of said C is 
calculated under the describing [ above ] method n. The 5th operation means Access 
rating authentication equipment according to claim 23 characterized by generating the 
certification data R (=CtC*F(n, e) mod n) under the describing [ above ] method n by 
multiplying by the inverse number of the count result of the 3rd operation means, and 
the count result of the 4th operation means. 

[Claim 25] Access rating authentication equipment according to claim 24 characterized 
by building in said 2nd storage means and said 4th operation means in a defense means 
to defend an internal processing procedure and data from external observation. 
[Claim 26] An encryption function is a Pohlig-Hellman unsymmetrical key code under 
Law p. The description information on access rating authentication is one key D, and 
the key of another side corresponding to Key D is E (DE mod p-1 = 1). A certification 
data verification means The certification data R written in the 5th storage means E The 
squared result, the data C for authentication memorized by the 4th storage means - 
law — the access rating authentication equipment according to claim 15 characterized 
by verifying a congruent thing (RE mod p = C mod p) under p. 

[Claim 27] An encryption function is a Pohlig-Hellman unsymmetrical key code under 
Law p. The description information on access rating authentication is one key D, and 
the key of another side corresponding to Key D is E (DE mod p-1 = l). It is squared 
several K' (=KE mod p) E under p. the ** data for authentication memorized by the 



storage means of the above 7th " Data K law - the above-mentioned random-number 
generation means It writes in said 4th storage means by using as the data for 
authentication several C (=rEK f mod p) by which it multiplied under p. the generated 
random number r - law " the number squared E under p, and said K' - law - the law of 
the random number r with which the certification data verification means is memorized 
by the 6th storage means - with the number which multiplied the certification data R 
in which it was written by the 5th storage means with certification data generation 
equipment by the inverse number under p Access rating authentication equipment 
according to claim 16 characterized by verifying that said K is congruent under Law p 
(K mod p=r-lR mod p). 

[Claim 28] An encryption function is a Pohlig-Hellman unsymmetrical key code under 
Law p. The description information on access rating authentication is one key D, and 
the key of another side corresponding to Key D is E (DE mod p-1 = l). It is data (t=D+F 
(p, e)) with which the auxiliary information t for certification memorized by the storage 
means of the above 3rd adds the un-colliding nature function value F depending on the 
user proper information e memorized by the storage means of the above 2nd, and said p 
(p, e) to said D, and is acquired. The above-mentioned certification data generation 
means Said t, the law from the data C for authentication written in said e and the 1st 
storage means - the access rating authentication equipment according to claim 26 or 27 
characterized by generating said certification data by calculating the Dth power (CD 
mod p) of C under p. 

[Claim 29] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. The 3rd 
operation means Said t-th power (Ct mod p) of said C is calculated under the describing 
[ above ] method p. The 4th operation means Under the describing [ above ] method p, 
the exponentiation (CF(p, e) mod p) of said C is calculated by making said F (p, e) into a 
characteristic. The 5th operation means Access rating authentication equipment 
according to claim 28 characterized by generating the certification data R (=CtC-F(p, e) 
mod p) under the describing [ above ] method p by multiplying by the inverse number of 
the count result of the 3rd operation means, and the count result of the 4th operation 
means. 

[Claim 30] Access rating authentication equipment according to claim 29 characterized 
by building in said 2nd storage means and said 4th operation means in a defense means 
to defend an internal computational procedure and data from external observation. 
[Claim 31] Encryption functions are Law p and the ElGamal public key encryption 
under Generator a. The description information on access rating authentication is one 



key X, and the public key corresponding to Key X is Y (Y = aX mod p). u - Above a - law 
- the number which made the suitable random number z the characteristic and carried 
out the exponentiation under p - it is (u=az mod p) - K 1 - Above Y " law - with the 
number which made the above-mentioned random number z the characteristic, and 
carried out the exponentiation under p When it is a product with Data K (K -YzK mod 
p), the group of u and K' is memorized by the storage means of the above 7th as ** data 
for authentication. The above-mentioned random-number generation means It writes in 
said 4th storage means by using as the data for authentication several C (=rK f modp) by 
which it multiplied under p. Above u and the generated random number r said K' - 
law - a certification data verification means the law of the random number r memorized 
by the 6th storage means with the number which multiplied, the certification data R 
in which it was written by the 5th storage means with certification data generation 
equipment by the inverse number under p Access rating authentication equipment 
according to claim 16 characterized by verifying that said K is congruent under Law p 
(K mod p=r- 1R mod p). 

[Claim 32] Encryption functions are Law p and the ElGamal public key encryption 
under Generator a. The description information on access rating authentication is one 
key X, and the public key corresponding to Key X is Y (Y = aX mod p). It is data (t=X+F 
(p, e)) with which the auxiliary information t for certification memorized by the storage 
means of the above 3rd adds the un-colliding nature function value F depending on the 
user proper information e memorized by the storage means of the above 2nd, and said p 
(p, e) to said X, and is acquired. The above-mentioned certification data generation 
means Said t, the law from the data u and C for authentication written in said e and the 
1st storage means the access rating authentication equipment according to claim 31 
characterized by generating the above-mentioned certification data by calculating 
under p the number (Cu-X mod p) which broke C by the Xth power of Above u. 
[Claim 33] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. The 3rd 
operation means Said t-th power (ut mod p) of said u is calculated under the describing 
[ above ] method p. The 4th operation means Said F (p, e) ** (uF(p, e) mod n) of said u is 
calculated under the describing [ above ] method p. The 5th operation means Access 
rating authentication equipment according to claim 32 characterized by generating the 
certification data R (=Cu-tuF(p, e) mod p) by being as a result of [ of the 3rd operation 
means ] count, breaking Above C under the describing [ above ] method p, and 
multiplying by the count result of the 4th operation means further. 

[Claim 34] Access rating authentication equipment according to claim 33 characterized 



by building in said 2nd storage means and said 4th operation means in a defense means 
to defend an internal computational procedure and data from external observation. 
[Claim 35] A signature function is the ElGamal signature under Law p and Generator a, 
and the description information on access rating authentication is one key X. The public 
key corresponding to Key X is Y (Y = aX mod p). A certification data verification means 
the certification data R and S written in the 5th storage means *- receiving ■■ law - 
under p The value which made the characteristic the data C for authentication 
memorized by the 4th storage means in Above a, and carried out the exponentiation, the 
product of the value which squared Above Y R, and the value which squared R S - law - 
the access rating authentication equipment according to claim 17 characterized by 
verifying a congruent thing (aC mod p = YRRS mod p) under p. 

[Claim 36] A signature function is the ElGamal signature under Law p and Generator a, 
and the description information on access rating authentication is one key X. The public 
key corresponding to Key X is Y (Y = aX mod p). It is data (t=X+F (p, e)) with which the 
auxiliary information t for certification memorized by the storage means of the above 
3rd adds the un*colliding nature function value F depending on the user proper 
information e memorized by the storage means of the above 2nd, and said p (p, e) to said 
X, and is acquired. The above-mentioned certification data generation means The k-th 
power of the above a under p is set to R 0=ak mod p). the certification data R and S - 
generating - hitting - the suitable random number k - generating - law - with said t 
Under law p-1 from the data C for authentication written in said e and the 1st storage 
means Access rating authentication equipment according to claim 35 characterized by 
calculating S (=(C-RX) k-1 mod p-l) by multiplying the number which lengthened the 
product of X and r from C by the inverse number of k. 

[Claim 37] Access rating authentication equipment according to claim 36 characterized 
by building in the 2nd storage means and a certification data generation means in a 
defense means to defend an internal computational procedure and data from external 
observation. 

[Claim 38] When the above-mentioned user's proper information is the decode key of a 
code function, the auxiliary information for certification enciphers the description 
information for access rating authentication with the encryption key corresponding to 
said decode key and the 1st operation means decodes the auxiliary information for 
certification using the decode key which is the above-mentioned user's proper 
information, it is access rating authentication equipment according to claim 4 which 
carries out [ computing the description information for access rating authentication, 
and ] as the description. 



[Claim 39] Access rating authentication equipment according to claim 38 characterized 
by for the above-mentioned code function being an unsymmetrical key code function, 
and a user's proper information being one key. 

[Claim 40] Access rating authentication equipment according to claim 39 characterized 
by for the above-mentioned code function being a public-key-encryption function, and a 
user f s proper information being a private key. 

[Claim 41] Access rating authentication equipment according to claim 38 characterized 
by for the above-mentioned code function being a symmetry key code function, and a 
user's proper information being a common private key. 

[Claim 42] The 8th storage means which memorizes the plaintext data corresponding to 
the above-mentioned data for authentication or the above-mentioned ** data for 
authentication with which the above-mentioned certification data verification means 
was enciphered, and which is data, The result of having removed the random-number 
effectiveness from the above-mentioned certification data with which it has a 
comparison means and the above-mentioned certification data generation means 
generated the above-mentioned comparison means, or certification data, Access rating 
authentication equipment according to claim 8 or 16 characterized by comparing the 
plaintext data memorized by the 8th storage means, restricting when both are in 
agreement, and judging that the above-mentioned certification data are just. 
[Claim 43] The 9th storage means which memorizes the result of having given the 
predetermined one-way function to the plaintext data corresponding to the 
above-mentioned data for authentication or the above-mentioned ** data for 
authentication with which the above-mentioned certification data verification means 
was enciphered, and which is data, It has the 6th operation means and comparison 
means which performs a top Norikazu directional function. The 6th operation means If 
required for the above-mentioned certification data which the above-mentioned 
certification data generation means generated, after removing the random-number 
effectiveness, a one-way function is given. The above-mentioned comparison means 
Access rating authentication equipment according to claim 8 or 16 characterized by 
comparing the data remembered to be a count result by the 6th operation means by the 
9th storage means, restricting when both are in agreement, and judging that the 
above-mentioned certification data are just. 

[Claim 44] The above-mentioned certification data verification means includes a 
program execution means. The above-mentioned data for authentication, or the 
above-mentioned ** data for authentication It is data which encipher a program and are 
obtained. The above-mentioned certification data verification means If required in the 



above-mentioned certification data which the certification data generation means 
generated, after removing the random-number effectiveness, by handing over for a 
program execution means as a program When a certification data generation means 
decodes correctly the enciphered above-mentioned data for authentication or the ** data 
for authentication which is a program, Namely, access rating authentication equipment 
according to claim 8 or 16 characterized by restricting when the enciphered program is 
decoded correctly, and a program execution means performing right actuation. 
[Claim 45] The program the above-mentioned certification data verification means is 
remembered to be by the program store means including the program execution means, 
the program store means, and the program decode means The part or all is enciphered. 
The above-mentioned data for authentication, or the above-mentioned ** data for 
authentication It is data which encipher separately the decode key for decoding said 
enciphered program, and are obtained. The above-mentioned certification data 
verification means The above-mentioned certification data which the certification data 
generation means generated are handed over for a program decode means. A program 
decode means If required in the certification data which said certification data 
generation means generated, after removing the random-number effectiveness, by using 
as a decode key By performing the program which decodes the required part of the 
program memorized by the program store means and by which the program execution 
means was decoded When a certification data generation means decodes correctly the 
above-mentioned data for authentication, or the ** data for authentication, Namely, 
access rating authentication equipment according to claim 8 or 16 characterized by 
restricting when a decode key is decoded correctly, in order to decode the enciphered 
program, and a program execution means performing right actuation. 
[Claim 46] Access rating authentication equipment according to claim 14 which 
communicates without forming the above-mentioned certification data generation 
equipment and the above-mentioned certification data authentication equipment in the 
same housing, and the above-mentioned certification data generation equipment and 
the above-mentioned certification data authentication equipment understanding the 
communication media of the exterior of the housing concerned. 

[Claim 47] In the access rating authentication approach which attests the 
above-mentioned user's access rating by verifying the justification of the certification 
data generated from the data for authentication in order to prove a user's access rating 
The step which memorizes the above-mentioned data for authentication, and the step 
which memorizes a user's proper information, The step which memorizes the auxiliary 
information for certification which it is as a result of activation that predetermined 



count was performed, to the above-mentioned user's proper information, and the 
description information on access rating authentication, The step which performs 
predetermined count to the above-mentioned data for authentication, the 
above-mentioned user's proper information, and the above-mentioned auxiliary 
information for certification, and generates certification data, The access rating 
authentication approach characterized by having the step which verifies that the 
certification data generated by the above-mentioned certification data generation 
means are generated based on the description information on the above-mentioned 
access rating authentication. 

[Claim 48] In order to attest the above-mentioned user's access rating by verifying the 
justification of the certification data generated from the data for authentication in order 
to prove a user's access rating In the program product for access rating authentication 
used by computer The step which memorizes the above-mentioned data for 
authentication, and the step which memorizes a user's proper information, The step 
which memorizes the auxiliary information for certification which it is as a result of 
activation that predetermined count was performed, to the above-mentioned user's 
proper information, and the description information on access rating authentication, 
The step which performs predetermined count to the above-mentioned data for 
authentication, the above-mentioned user's proper information, and the 
above-mentioned auxiliary information for certification, and generates certification 
data, The program product for access rating authentication characterized by using the 
step which verifies that the certification data generated by the above-mentioned 
certification data generation means are generated based on the description information 
on the above-mentioned access rating authentication for performing the 
above-mentioned computer. 

[Claim 49] In order to generate from the data for authentication, the certification data 
which have the justification verified in order to attest a user's access rating In the 
program product for certification data generation used by computer The step which 
memorizes the above-mentioned data for authentication, and the step which memorizes 
a user's proper information, The step which memorizes the auxiliary information for 
certification which it is as a result of activation that predetermined count was 
performed, to the above-mentioned user's proper information, and the description 
information on access rating authentication, The program product for certification data 
generation characterized by being used for making the above-mentioned computer 
perform the step which performs predetermined count to the above-mentioned data for 
authentication, the above-mentioned user's proper information, and the 



above-mentioned auxiliary information for certification, and generates certification 
data. 

[Claim 50] In the program execution control unit which attests the above-mentioned 
user's access rating and controls program execution based on authentication of the 
above-mentioned rating by verifying the justification of the certification data generated 
in order to prove a user's access rating The 1st storage means which memorizes the data 
for authentication, and the 2nd storage means which memorizes a user's proper 
information, The 3rd storage means which memorizes the auxiliary information for 
certification which it is as a result of activation that predetermined count was 
performed, to the above-mentioned user's proper information, and the description 
information on access rating authentication, The above-mentioned user's proper 
information memorized by the storage means of the above 2nd and the above-mentioned 
auxiliary information for certification memorized by the storage means of the above 3rd 
are used. A certification data generation means to generate the above-mentioned 
certification data from the above-mentioned data for authentication, The program 
execution control unit characterized by having a means to verify the justification of the 
certification data generated from the above-mentioned certification data generation 
means, and a means to continue program execution when the justification of the 
above-mentioned certification data is verified. 

[Claim 51] In the information processor which attests the above-mentioned user's access 
rating and permits access to the above-mentioned predetermined information 
processing resource by verifying the justification of the certification data generated in 
order to prove access rating of the user to a predetermined information processing 
resource The 1st storage means which memorizes the data for authentication, and the 
2nd storage means which memorizes a user's proper information, The 3rd storage 
means which memorizes the auxiliary information for certification which it is as a 
result of activation that predetermined count was performed, to the above-mentioned 
user's proper information, and the description information on access rating 
authentication, The above-mentioned user's proper information memorized by the 
storage means of the above 2nd ■ and the above-mentioned auxiliary information for 
certification memorized by the storage means of the above 3rd are used. A certification 
data generation means to generate the above-mentioned certification data from the 
above-mentioned data for authentication, The information processor characterized by 
having a means to verify the justification of the certification data generated from the 
above-mentioned certification data generation means, and a means to permit access to 
the above-mentioned predetermined information processing resource based on 



verification of the above-mentioned justification. 

[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to the access rating authentication 

equipment and the approach of attesting a user's access rating. 

[0002] 

[Description of the Prior Art] 

[Related technique] The program execution control technique is known as advanced 
technology belonging to this invention and an isomerism field. The user who has tried 
activation of application inspects holding the key for authentication of normal, a 
program execution control technique embeds the routine for a user's access rating 
authentication into 1. application program, 2. this routine restricts it, when existence of 
the key for the 3. above-mentioned authentication is checked, it continues a program, 
and when other, it is the technique which stops program execution. By using this 
technique, activation of an application program can be closed to him, if only to the user 
of the normal which holds an authentication key. It is put in practical use in the 
software distribution enterprise and this technique is Rainbow as a product. 
Technologies, Sentinel of an Inc. company SuperPro (trademark) and Aladdin 
Knowledge There is an HASP (trademark) of a SystemssLtd. company etc. 
[0003] A program execution control technique is explained more below at a detail. 

1. The user who performs software holds an authentication key as user proper 
information. An authentication key is a key for encryption and those who permit use of 
software, for example, a software vendor, distribute it to a user. An authentication key is 
severely enclosed with the memory in hardware etc., in order to prevent a duplicate, 
and it is delivered by the user using a postal physical means. 

2. A user equips a proprietary personal computer workstation by the approach which 
had the hardware which built in the authentication key specified. A printer port is 
equipped with hardware. 

3. If a user starts an application program and program execution attains to the 
above-mentioned access rating authentication routine, a program will communicate 
with the hardware which built in a user's authentication key. If a program identifies an 
authentication key and existence of a right authentication key is checked based on the 
result of a communication link, activation will be moved to the following step. When a 
communication link goes wrong and existence of an authentication key cannot be 
checked, a program stops oneself and can be made not to perform subsequent activation. 



[0004] Discernment of the authentication key by the access rating authentication 
routine is performed according to the following protocols, for example. 

1. An access rating authentication routine generates a suitable number, and transmits 
to hardware with a built-in key. 

2. The hardware with a built-in key enciphers the number sent using the authentication 
key to build in, and answers the above-mentioned access rating authentication routine. 

3. An authentication routine judges whether it is the number with which the answered 
number enciphers the number expected beforehand, i.e., the number transmitted to 
hardware, with a right authentication key, and is obtained. 

4. In being in agreement with the number with which the answered number was 
expected, it continues program execution, and in not being in agreement, it stops. 
[0005] Under the present circumstances, even if the communication link between an 
application program and hardware with a built-in authentication key is exchanged 
between the same hardware in the same part in the same application program, they 
must differ at every activation. Otherwise, it will also enable the user who does not hold 
a right authentication key to perform a program by performing the reply to an 
application program as it recorded the contents of a communication link in a normal 
activation process once, and it recorded, whenever it performed the program after that. 
Unjust activation of the application program by reappearance of such contents of a 
communication link is called a replay attack (replay attack). 

[0006] In order to prevent a replay attack, the number sent to hardware with a built-in 
key usually uses the random number newly generated at every communication link. 
[0007] The trouble of the [trouble of conventional technique] conventional technique 
originates in the property in which protection processing of a program must be 
performed based on this authentication key, after a programmer assumes beforehand 
the authentication key which a user has, when creating an application program. That is, 
only when the right reply from hardware with a built-in key is predicted at the time of a 
programming and a right reply is received, a programmer has to create a program so 
that a program may be performed normally. 

[0008] Although the use gestalt of the conventional technique of having the 
above-mentioned description becomes two kinds fundamentally, it has the problem 
which states below in any case. 

[0009] 1. In a primary method, prepare a user's authentication key so that it may differ 
for every user. That is, every one different authentication key for every user is prepared 
for the user first like authentication **** at authentication **** and the user second. 
[00 10] In this case, a programmer needs to change the authentication routine in a 



program appropriately for every user, and needs to create a program. That is, since 
authentication keys differ for every user, the authentication routine in a program must 
be created so that the authentication key of the user proper using this program may be 
identified, and a programmer needs to create the program from which only the number 
of use users differs. 

[00 11] When the target users are a large number, the activity which changes a program 
an individual exception for every user requires an effort intolerable for a programmer, 
and becomes what also has a huge list of user authentication keys which must be 
managed. 

[0012] 2. By the second approach, a programmer prepares an authentication key which 
is different for every application, respectively. That is, every one authentication key 
which is different for every application like authentication **** is prepared for the 
application first at authentication **** and the application second, and each application 
program is created so that the authentication key of a proper may be identified. 
[0013] Although the need of creating a program individually for every user like [ in the 
case of a primary method ] is lost by this approach, as for a user, only the number of the 
applications to be used must hold an authentication key conversely. 

[0014] As for this constraint, the following problems are caused in a programmer and 
each user. 

[0015] As mentioned above, it is necessary to distribute an authentication key to a user 
in the condition of having enclosed with hardware severely. Therefore, it cannot but 
depend for distribution of the hardware which builds in an authentication key on 
physical means, such as mail, to the ability to distribute the program itself simple 
through a network, the hardware with which the authentication key corresponding to 
this application whenever a programmer receives since [ use consent / of application ] 
from a user was enclosed " it is necessary to mail - cost, time amount, and the time and 
effort of packing - any - very much - a programmer - **** - it becomes a big burden. 
[0016] A programmer has to do the fixed number stock of the different hardware for 
every application so that he may meet the demand of a user, and he needs the cost of 
stock control. 

[0017] Moreover, a user must be content with the complicatedness that hardware must 
be exchanged whenever it changes the application to be used. 

[0018] Though he wants to use application with a user, it must wait until the hardware 
with which the authentication key was enclosed is mailed, and there is also 
inconvenience that it cannot use immediately. 

[0019] The method of teaching a user the password for making the intact authentication 



key in hardware available, whenever it encloses two or more authentication keys 
beforehand into hardware and permits a user use of new application, in order to 
mitigate this burden is used. However, even if it uses this approach, the 
above-mentioned trouble's not being solved theoretically is clear. On the occasion of 
commercialization, hardware is designed so that more than one may be enabled to 
connect and to join together, and it has actually eased inconvenient [ resulting from the 
above-mentioned trouble ]. 

[0020] Thus, even if it takes which [ above-mentioned / two ] approach, a problem exists 
in the convenience of a programmer and a user. 

[0021] In addition, considering the external special feature of execution control, it can 
imagine [ that it is applicable also to the access control of privacy protection and the file 
of e-mail, or a computer resource, and ]. However, even if it is going to apply the 
conventional technique to these fields, it is impossible by the above-mentioned trouble. 
[0022] 

[Problem(s) to be Solved by the Invention] In case it cancels and has the both sides by 
the side of a user and an application implementer's etc. protection and program 
execution control, the privacy protection of e-mail, a file, the access control of a 
computer resource, etc. are performed from the fault derived from this invention being 
made in consideration of the above situation, and dealing with proper information, such 
as many authentication keys, it aims at offering the access rating authentication 
technique which enabled it to attest a user's access rating simply. 
[0023] 

[Means for Solving the Problem] To the access rating authentication equipment which 
attests the above-mentioned user's access rating by verifying the justification of the 
certification data generated in order to prove a user's access rating in order to attain the 
above-mentioned purpose according to the 1st side face of this invention The 1st storage 
means which memorizes the data for authentication, and the 2nd storage means which 
memorizes a user's proper information, The 3rd storage means which memorizes the 
auxiliary information for certification which it is as a result of activation that 
predetermined count was performed, to the above-mentioned user's proper information, 
and the description information on access rating authentication, The data for 
authentication currently held at the storage means of the above 1st, and the 
above-mentioned user's proper information memorized by the storage means of the 
above 2nd, A certification data generation means to perform predetermined count to the 
above-mentioned auxiliary information for certification memorized by the storage 
means of the above 3rd, and to generate certification data, He is trying to establish a 



certification data verification means to verify that the certification data generated by 
the above-mentioned certification data generation means are generated based on the 
description information on the above-mentioned access rating authentication. 
[0024] According to this configuration, the description information for access rating 
authentication which is a protection side and is given, and the user proper information 
given to a user side can be made to become independent by introducing the auxiliary 
data for certification (access ticket). Access rating of users, such as execution control, 
can be attested by a user's possessing user proper information beforehand, and 
protection persons 1 , such as a programmer's, preparing the description information on 
access rating authentication independently of the user proper information which a user 
possesses, and creating an access ticket according to a user's proper information and the 
description information on access rating authentication used for creation of an 
application program etc., and distributing. Thus, the complicatedness produced when a 
user and a protection side attest using the same information is avoidable. 
[0025] Moreover, in this configuration, the storage means of the above 2nd and the 
above-mentioned certification data generation means may be made to be held in a 
defense means to close observing internal data and an internal processing procedure 
from the outside if at least. Moreover, the storage means of the above 2nd and the 
above-mentioned certification data generation means may be made to be constituted as 
a portable small arithmetic unit of an IC card etc. at least. 

[0026] The above-mentioned certification data generation means consists of the 1st 
operation means and the 2nd operation means. Moreover, the 1st operation means 
Predetermined count is performed to a user's proper information memorized by the 
storage means of the above 2nd, and the auxiliary information for certification 
memorized by the storage means of the above 3rd. The description information on the 
above-mentioned access rating authentication is computed as the result. The 2nd 
operation means Predetermined count is performed to the data for authentication 
memorized by the storage means of the above 1st, and the description information on 
the access rating authentication computed by the 1st operation means, and the 
above-mentioned certification data can be generated as the result. 

[0027] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. Moreover, the 
3rd operation means Predetermined count is performed to the data for authentication 
memorized by the storage means of the above 1st, and the auxiliary information for 
certification memorized by the storage means of the above 3rd. The 4th operation means 
The count result perform predetermined count to the data for authentication memorized 



by the storage means of the above 1st, and a user's proper information memorized by 
the 2nd storage means, and according [ the 5th operation means ] to the operation 
means of the above 3rd, Predetermined count is performed to the count result by the 
operation means of the above 4th, and the above-mentioned certification data can be 
generated as the result. Also in this case, the storage means of the above 2nd and the 
operation means of the above 4th may be made to be held in a defense means to close 
observing internal data and an internal processing procedure from the outside if at least. 
Moreover, the storage means of the above 2nd and the operation means of the above 4th 
can be constituted as a portable small arithmetic unit of an IC card etc. at least. In the 
embodiment as which a means to hold in a defense means can be made small-scale with 
this configuration, and the small configuration especially using IC chip etc. is required, 
it is effective. 

[0028] Moreover, the description information on the above-mentioned access rating 
authentication is a decode key in a code function, and the above-mentioned data for 
authentication encipher suitable data using the encryption key corresponding to said 
decode key, and you may make it the above-mentioned certification data-verification 
means verify that the above-mentioned certification data which the above-mentioned 
certification data generation means generates decode the data for authentication 
correctly. 

[0029] Moreover, you may make it verify that the above-mentioned certification data 
which the description information on the above-mentioned access rating authentication 
is an encryption key in a code function, and the above-mentioned certification data 
generation means generates encipher the above-mentioned data for authentication 
correctly using said encryption key. 

[0030] Moreover, you may make it verify that the above-mentioned certification data 
which the description information on the above-mentioned access rating authentication 
is a signature key in a digital signature function, and the above-mentioned certification 
data generation means generates are the digital signature correctly generated to the 
above-mentioned data for authentication using said signature key. 

[0031] Moreover, an encryption function may be an unsymmetrical key code function, 
and the description information on access rating authentication may be one side of a key. 
[0032] Moreover, an encryption function may be a public-key-encryption function, and 
the description information on access rating authentication may be a private key. 
[0033] Moreover, an encryption function may be a symmetry key code function, and the 
description information on access rating authentication may be a common private key. 
[0034] Moreover, the storage means of the above 1st, the storage means of the above 2nd, 



and the storage means of the above 3rd, The certification data generation equipment 
which consists of above-mentioned certification data generation means, and the 4th 
storage means which memorizes the data for authentication in addition to the 
above-mentioned certification data verification means, In the access rating 
authentication equipment with which certification data verification equipment 
equipped with the 5th storage means which memorizes certification data attests a 
user's access rating by communicating mutually Certification data verification 
equipment writes out the data for authentication memorized by the 4th storage means 
to the 1st storage means of certification data generation equipment. Certification data 
generation equipment The certification data generated based on the above-mentioned 
data for authentication written in the 1st storage means by the certification data 
generation means It writes out to the 5th storage means in certification data 
verification equipment, and certification data verification equipment can attest a user's 
access rating using the above-mentioned certification data written in the 5th storage 
means. 

[0035] Moreover, the description information on the above-mentioned access rating 
authentication is the encryption key of an encryption function. Certification data 
verification equipment is equipped with a random-number generation means, and a 
random-number generation means is written in the 4th storage means by using the 
generated random number as the data for authentication. A certification data 
verification means You may make it verify enciphering the data for authentication 
whose certification data written in the 5th storage means by certification data 
generation equipment are said random number with the encryption key which is the 
description information on access rating authentication. 

[0036] The description information on access rating authentication is the decode key of 
an encryption function. Certification data verification equipment Moreover, a 
random-number generation means, While it has the 6th storage means which 
memorizes the generated random number, and the 7th storage means which memorizes 
the ** data for authentication and a random-number generation means writes the 
generated random number in the 6th storage means After giving the random-number 
effectiveness which used said random number for the ** data for authentication 
memorized by the 7th storage means, it writes in the 4th storage means as data for 
authentication. A certification data verification means The result of having removed the 
random-number effectiveness by the random number memorized by the 6th storage 
means from the certification data in which it was written by the 5th storage means with 
the above-mentioned certification data generation equipment You may make it verify 



decoding the ** data for authentication memorized by the 7th storage means with the 
decode key which is the description information on access rating authentication. 
[0037] Moreover, the description information on the above-mentioned access rating 
authentication is the signature key of a digital signature function. Certification data 
verification equipment is equipped with a random-number generation means, and a 
random-number generation means is written in the 4th storage means by using the 
generated random number as the data for authentication. A certification data 
verification means You may make it verify that the certification data written in the 5th 
storage means by certification data generation equipment are a digital signature with 
the signature key it is [ key ] the description information on access rating 
authentication to the data for authentication which are said random number. 
[0038] It is the RSA public key encryption under n, the description information on 
access rating authentication is a private key D, and the public key corresponding to a 
private key D is E. moreover, an encryption function -■ law - a certification data 
verification means the data C for authentication remembered to be the result of having 
squared the certification data R written in the 5th storage means E by the 4th storage 
means - law - you may make it verify a congruent thing (RE mod n = C mod n) under n 
[0039] It is the RSA public key encryption under n, and the description information on 
access rating authentication is a private key D. moreover, an encryption function - law 
-- It is squared several K 1 (=KE mod n) E under n. the ** data for authentication which 
the public key corresponding to a private key D is E, and are memorized by the storage 
means of the above 7th - Data K - law -- the random number r which generated the 
above-mentioned random-number generation means - law " with the number squared 
E under n It writes in said 4th storage means by using as the data for authentication 
several C (=rEK'mod n) by which it multiplied under n. said K 1 - law — a certification 
data verification means the law of the random number r memorized by the 6th storage 
means - with the number which multiplied the certification data R in which it was 
written by the 5th storage means with certification data generation equipment by the 
inverse number under n You may make it verify that said K is congruent under Law n 
(K mod n=r-lR mod n). 

[0040] It is the RSA public key encryption under n, and the description information on 
access rating authentication is a private key D. moreover, an encryption function - law 
*- The auxiliary information t for certification which the public key corresponding to a 
private key D is E, and is memorized by the storage means of the above 3rd A user's 
proper information e memorized by the storage means of the above 2nd is subtracted 
from said D. It is data (t=D-e+omegaphi (n)) which add a product with Euler number [ of 



the un-colliding nature function values omega (=G (n, e)) and n ] phi (n) depending on 
said n and e, and are obtained. The above-mentioned certification data generation 
means Furthermore, said t, the law from the data C for authentication written in said e 
and the 1st storage means - you may make it generate said certification data by 
calculating the Dth power (CD mod n) of C under n 

[0041] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. Moreover, the 
3rd operation means Said t-th power (Ct mod n) of said C is calculated under the 
describing [ above ] method n. The 4th operation means You may make it the 5th 
operation means generate the certification data R (=CtCe mod n) by multiplying by the 
count result of the 1st and 2nd operation means under the describing [ above ] method n 
by calculating said e-th power (Ce mod n) of said C under the describing [ above ] 
method n. Also in this case, said 2nd storage means and said 4th operation means may 
be made to be built in in a defense means to defend an internal processing procedure 
and data from external observation. 

[0042] It is the RSA public key encryption under n, and the description information on 
access rating authentication is a private key D. moreover, an encryption function - law 
The auxiliary information t for certification which the public key corresponding to a 
private key D is E, and is memorized by the storage means of the above 3rd It is data 
(t=D+F (n, e)) which add the un-colliding nature function value F depending on proper 
information e and said law n of the user memorized by the storage means of the above 
2nd (n, e) to said D, and are obtained. The above-mentioned certification data 
generation means Said t, the law from the data C for authentication written in said e 
and said 1st storage means - you may make it generate said certification data by 
calculating the Dth power (CD mod n) of C under n 

[0043] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. Moreover, the 
3rd operation means Said t-th power (Ct mod n) of said C is calculated under the 
describing [ above ] method n. The 4th operation means Said F (n, e) ** (CF(n, e) mod n) 
of said C is calculated under the describing [ above ] method n. The 5th operation means 
You may make it generate the certification data R (=CtC-F(n, e) mod n) under the 
describing [ above ] method n by multiplying by the inverse number of the count result 
of the 3rd operation means, and the count result of the 4th operation means. 
[0044] Moreover, said 2nd storage means and said 4th operation means may be made to 
be built in in a defense means to defend an internal processing procedure and data from 
external observation. 



[0045] It is a Pohlig-Hellman unsymmetrical key code under p. moreover, an encryption 
function - law - The description information on access rating authentication is one key 
D, and the key of another side corresponding to Key D is E (DE mod p-1 = l). A 
certification data verification means the data C for authentication remembered to be 
the result of having squared the certification data R written in the 5th storage means E 
by the 4th storage means - law " you may make it verify a congruent thing (RE mod p = 
C mod p) under p 

[0046] It is a Pohlig-Hellman unsymmetrical key code under p. moreover, an encryption 
function - law - The description information on access rating authentication is one key 
D, and the key of another side corresponding to Key D is E (DE mod p-1 = l). It is 
squared several K' (=KE mod p) E under p. the ** data for authentication memorized by 
the storage means of the above 7th - Data K - law - the above-mentioned 
random-number generation means It writes in said 4th storage means by using as the 
data for authentication several C (=rEK' mod p) by which it multiplied under p. the 
generated random number r - law " the number squared E under p, and said K' " law " 
the law of the random number r with which the certification data verification means is 
memorized by the 6th storage means - with the number which multiplied the 
certification data R in which it was written by the 5th storage means with certification 
data generation equipment by the inverse number under p You may make it verify that 
said K is congruent under Law p (K mod p=r- 1R mod p). 

[0047] It is a Pohlig-Hellman unsymmetrical key code under p. moreover, an encryption 
function law ■■ The description information on access rating authentication is one key 
D, and the key of another side corresponding to Key D is E (DE mod p-1 = 1). It is data 
(t=D+F (p, e)) with which the auxiliary information t for certification memorized by the 
storage means of the above 3rd adds the un-colliding nature function value F depending 
on the user proper information e memorized by the storage means of the above 2nd, and 
said p (p, e) to said D, and is acquired. The above-mentioned certification data 
generation means Said t, the law from the data C for authentication written in said e 
and the 1st storage means -■ you may make it generate said certification data by 
calculating the Dth power (CD mod p) of C under p 

[0048] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. Moreover, the 
3rd operation means Said t-th power (Ct mod p) of said C is calculated under the 
describing [ above ] method p. The 4th operation means Under the describing [ above ] 
method p, the exponentiation (CF(p, e) mod p) of said C is calculated by making said F 
(p, e) into a characteristic. The 5th operation means You may make it generate the 



certification data R (=CtOF(p, e) mod p) under the describing [ above ] method p by 
multiplying by the inverse number of the count result of the 3rd operation means, and 
the count result of the 4th operation means. Also in this case, said 2nd storage means 
and said 4th operation means may be made to be built in in a defense means to defend 
an internal computational procedure and data from external observation. 
[0049] Moreover, encryption functions are Law p and the ElGamal public key encryption 
under Generator a. The description information on access rating authentication is one 
key X, and the public key corresponding to Key X is Y (Y = aX mod p). u - Above a - law 
■■ the number which made the suitable random number z the characteristic and carried 
out the exponentiation under p - it is (u=az mod p) - K* - Above Y •* law - with the 
number which made the above-mentioned random number z the characteristic, and 
carried out the exponentiation under p When it is a product with Data K (K—YzK mod 
p), the group of u and K' is memorized by the storage means of the above 7th as ** data 
for authentication. The above-mentioned random-number generation means It writes in 
said 4th storage means by using as the data for authentication several C (=rK ! modp) by 
which it multiplied under p. Above u and the generated random number r said K* — 
law -- a certification data verification means the law of the random number r memorized 
by the 6th storage means " with the number which multiplied the certification data R 
in which it was written by the 5th storage means with certification data generation 
equipment by the inverse number under p You may make it verify that said K is 
congruent under Law p (K mod p=r-lR mod p). 

[0050] Moreover, encryption functions are Law p and the ElGamal public key encryption 
under Generator a. The description information on access rating authentication is one 
key X, and the public key corresponding to Key X is Y (Y = aX mod p). It is data (t=X+F 
(p, e)) with which the auxiliary information t for certification memorized by the storage 
means of the above 3rd adds the un-colliding nature function value F depending on the 
user proper information e memorized by the storage means of the above 2nd, and said p 
(p, e) to said X, and is acquired. The above-mentioned certification data generation 
means Said t, the law from the data u and C for authentication written in said e and the 
1st storage means - you may make it generate the above-mentioned certification data 
by calculating under p the number (Cu-X mod p) which broke C by the Xth power of 
Above u 

[0051] The above-mentioned certification data generation means consists of the 3rd 
operation means, the 4th operation means, and the 5th operation means. Moreover, the 
3rd operation means Said t-th power (ut mod p) of said u is calculated under the 
describing [ above ] method p. The 4th operation means Said F (p, e) ** (uF(p, e) mod n) 



of said u is calculated under the describing [ above ] method p. The 5th operation means 
You may make it generate the certification data R (=Cu-tuF(p, e) mod p) by being as a 
result of [ of the 3rd operation means ] count, breaking Above C under the describing 
[ above ] method p, and multiplying by the count result of the 4th operation means 
further. In this case, said 2nd storage means and said 4th operation means may be 
made to be built in in a defense means to defend an internal computational procedure 
and data from external observation. 

[0052] Moreover, a signature function is the ElGamal signature under Law p and 
Generator a. The description information on access rating authentication is one key X, 
and the public key corresponding to Key X is Y (Y = aX mod p). A certification data 
verification means the certification data R and S written in the 5th storage means - 
receiving - law -- under p the product of the value which made the characteristic the 
data C for authentication memorized by the 4th storage means in Above a, and carried 
out the exponentiation, and the value which squared Above Y R and the value which 
squared R S - law - you may make it verify a congruent thing (aC modp = YRRS mod p) 
under p 

[0053] Moreover, a signature function is the ElGamal signature under Law p and 
Generator a. The description information on access rating authentication is one key X, 
and the public key corresponding to Key X is Y (Y = aX mod p). It is data (t=X+F (p, e)) 
with which the auxiliary information t for certification memorized by the storage means 
of the above 3rd adds the un-colliding nature function value F depending on the user 
proper information e memorized by the storage means of the above 2nd, and said p (p, e) 
to said X, and is acquired. The above-mentioned certification data generation means 
The k-th power of the above a under p is set to R (=akmod p). the certification data R 
and S generating - hitting — the suitable random number k - generating - law - 
with said t You may make it calculate S (=(ORX) k-1 mod p-l) by multiplying the 
number which lengthened the product of X and r from C by the inverse number of k 
under law p-l from the data C for authentication written in said e and the 1st storage 
means. In this case, the 2nd storage means and a certification data generation means 
may be made to be built in in a defense means to defend an internal computational 
procedure and data from external observation. 

[0054] Moreover, the above-mentioned user's proper information is the decode key of a 
code function, and when the auxiliary information for certification enciphers the 
description information for access rating authentication with the encryption key 
corresponding to said decode key and the 1st operation means decodes the auxiliary 
information for certification using the decode key which is the above-mentioned user's 



proper information, the description information for access rating authentication may 
make compute. In this case, the above-mentioned code function may be an 
unsymmetrical key code function, and a user's proper information may be one key. 
Moreover, the above-mentioned code function may be a public-key-encryption function, 
and a user's proper information may be a private key. Moreover, an account code 
function may be a symmetry key code function, and a user's proper information may be 
a common private key. 

[0055] Moreover, 8th storage means by which the above-mentioned certification data 
verification means memorizes the plaintext data corresponding to the enciphered 
above-mentioned data for authentication or the above-mentioned ** data for 
authentication which is data further, The result of having removed the random-number 
effectiveness from certification data if needed [ that have a comparison means and the 
above-mentioned certification data generation means generated the above-mentioned 
comparison means / the above-mentioned certification data or if needed ], The plaintext 
data memorized by the 8th storage means are compared, when both are in agreement, it 
restricts, and you may make it judge that the above-mentioned certification data are 
just. 

[0056] Moreover, 9th storage means by which the above-mentioned certification data 
verification means memorizes the result of having given the predetermined one-way 
function to the plaintext data corresponding to the enciphered above-mentioned data for 
authentication or the above-mentioned ** data for authentication which is data, further, 
It has the 6th operation means and comparison means which performs a top Norikazu 
directional function. The 6th operation means If required for the above-mentioned 
certification data which the above-mentioned certification data generation means 
generated, after removing the random-number effectiveness, a one-way function is 
given. The above-mentioned comparison means The data remembered to be a count 
result by the 6th operation means by the 9th storage means are compared, when both 
are in agreement, it restricts, and you may make it judge that the above-mentioned 
certification data are just. 

[0057] The above-mentioned certification data verification means includes a program 
execution means further. Moreover, the above-mentioned data for authentication, or the 
above-mentioned ** data for authentication It is data which encipher a program and are 
obtained. The above-mentioned certification data verification means If required in the 
above-mentioned certification data which the certification data generation means 
generated, after removing the random-number effectiveness, by handing over for a 
program execution means as a program It restricts, when the above-mentioned data for 



authentication or the ** data for authentication with which the certification data 
generation means was enciphered and which is a program is decoded correctly (i.e., 
when the enciphered program is decoded correctly), and a program execution means 
may be made to perform right actuation. 

[0058] Moreover, the program the above-mentioned certification data verification means 
is further remembered to be by the program store means including the program 
execution means, the program store means, and the program decode means The part or 
all is enciphered. The above-mentioned data for authentication, or the above-mentioned 
** data for authentication It is data which encipher separately the decode key for 
decoding said enciphered program, and are obtained. The above-mentioned certification 
data verification means The above-mentioned certification data which the certification 
data generation means generated are handed over for a program decode means. A 
program decode means By using the certification data which said certification data 
generation means generated as a decode key, after removing the random-number 
effectiveness, if required By performing the program which decodes the required part of 
the program memorized by the program store means and by which the program 
execution means was decoded It restricts, when a certification data generation means is 
correctly decoded in the above-mentioned data for authentication, or the ** data for 
authentication (i.e., in order to decode the enciphered program when a decode key is 
decoded correctly), and a program execution means may be made to perform right 
actuation. 

[0059] Moreover, the above-mentioned certification data generation equipment and the 
above-mentioned certification data authentication equipment are formed in the same 
housing, and the above-mentioned certification data generation equipment and the 
above-mentioned certification data authentication equipment may be made to 
communicate, without understanding the communication media of the exterior of the 
housing concerned. 

[0060] Moreover, it sets to the access rating authentication approach which attests the 
above-mentioned user's access rating by verifying the justification of the certification 
data generated from the data for authentication in order to prove a user's access rating 
according to the 2nd side face of this invention. The step which memorizes the 
above-mentioned data for authentication, and the step which memorizes a user's proper 
information, The step which memorizes the auxiliary information for certification which 
it is as a result of activation that predetermined count was performed, to the 
above-mentioned user's proper information, and the description information on access 
rating authentication, The step which performs predetermined count to the 



above-mentioned data for authentication, the above-mentioned user ! s proper 
information, and the above-mentioned auxiliary information for certification, and 
generates certification data, It is made to perform the step which verifies that the 
certification data generated by the above-mentioned certification data generation 
means are generated based on the description information on the above-mentioned 
access rating authentication. 

[0061] Moreover, in order to attest the above-mentioned user's access rating by verifying 
the justification of the certification data generated from the data for authentication in 
order to prove a user's access rating according to the 3rd side face of this invention In 
the program product for access rating authentication used by computer The step which 
memorizes the above-mentioned data for authentication, and the step which memorizes 
a user's proper information, The step which memorizes the auxiliary information for 
certification which it is as a result of activation that predetermined count was 
performed, to the above-mentioned user's proper information, and the description 
information on access rating authentication, The step which performs predetermined 
count to the above-mentioned data for authentication, the above-mentioned user's 
proper information, and the above-mentioned auxiliary information for certification, 
and generates certification data, He is trying to use the step which verifies that the 
certification data generated by the above-mentioned certification data generation 
means are generated based on the description information on the above-mentioned 
access rating authentication for performing the above-mentioned computer. 
[0062] Moreover, in order to generate the certification data which have justification 
verified in order to attest a user's access rating from the data for authentication 
according to the 4th side face of this invention In the program product for certification 
data generation used by computer The step which memorizes the above-mentioned data 
for authentication, and the step which memorizes the proper information on user **, 
The step which memorizes the auxiliary information for certification which it is as a 
result of activation that predetermined count was performed, to the above-mentioned 
user's proper information, and the description information on access rating 
authentication, He is trying to use the step which performs predetermined count to the 
above-mentioned data for authentication, the above-mentioned user's proper 
information, and the above-mentioned auxiliary information for certification, and 
generates certification data for performing the above-mentioned computer. 
[0063] Moreover, the above-mentioned user's access rating is attested by verifying the 
justification of the certification data generated in order to prove a user's access rating 
according to the 5th side face of this invention. The 1st storage means which memorizes 



the data for authentication to the program execution control device which controls 
program execution based on authentication of the above-mentioned rating, The 2nd 
storage means which memorizes a user's proper information, and the above-mentioned 
user's proper information, The 3rd storage means which memorizes the auxiliary 
information for certification which it is as a result of activation that predetermined 
count was performed, to the description information on access rating authentication, 
The above-mentioned user's proper information memorized by the storage means of the 
above 2nd and the above-mentioned auxiliary information for certification memorized 
by the storage means of the above 3rd are used. He is trying to establish a certification 
data generation means to generate the above-mentioned certification data from the 
above-mentioned data for authentication, a means to verify the justification of the 
certification data generated from the above-mentioned certification data generation 
means, and a means to continue program execution when the justification of the 
above-mentioned certification data is verified. 

[0064] To moreover, the information processor which attests the above-mentioned user's 
access rating and permits access to the above-mentioned predetermined information 
processing resource by verifying the justification of the certification data generated in 
order to prove access rating of the user to a predetermined information processing 
resource according to the 6th side face of this invention The 1st storage means which 
memorizes the data for authentication, and the 2nd storage means which memorizes a 
user's proper information, The 3rd storage means which memorizes the auxiliary 
information for certification which it is as a result of activation that predetermined 
count was performed, to the above-mentioned user's proper information, and the 
description information on access rating authentication, The above-mentioned user's 
proper information memorized by the storage means of the above 2nd and the 
above-mentioned auxiliary information for certification memorized by the storage 
means of the above 3rd are used. A certification data generation means to generate the 
above-mentioned certification data from the above-mentioned data for authentication, a 
means to verify the justification of the certification data generated from the 
above-mentioned certification data generation means, and a means to grant a 
permission in access to the above-mentioned predetermined information processing 
resource based on verification of the above-mentioned justification are made to prepare. 
[0065] 

[The mode of implementation of invention] First, the theoretic example of a 
configuration of this invention is explained. The user authentication system of this 
example of a configuration is applicable not only to the execution control of application 



but access controls, such as privacy protection and the file of e-mail, and a computer 
resource. 

[0066] In drawing 1. the user authentication system consists of certification data 
verification equipment 10 and certification data generation equipment 11, and 
certification data generation equipment 11 receives the access ticket (auxiliary data for 
certification) 13 from access ticket generation equipment 12. Certification data 
verification equipment 10 performs the verification routine 15. Certification data 
generation equipment 11 holds the user proper information 16 and the access ticket 13, 
and performs the certification data generator 17. 

[0067] Access ticket generation equipment 12 is prepared for an application 
implementer's etc. protection side, or the third person who can trust it. The access ticket 
13 is generated based on the description information 14 and the user proper information 
16 on access rating authentication, this access ticket 13 is sent to a user through 
sending of a communication link or a floppy diskette, and access ticket generation 
equipment 12 is held at a user's certification data generation equipment 11. Then, 
certification data verification equipment 10 sends out the data 18 for authentication to 
certification data generation equipment 11. Certification data generation equipment 11 
generates the certification data 19 using the access ticket 13 and the user proper 
information 16, and answers certification data verification equipment 10 in this. 
Certification data verification equipment 10 verifies the justification of certification 
data based on the data for authentication. That is, it verifies that certification data are 
data generated based on the data for authentication, and the description information on 
access rating authentication. 

[0068] If the justification of certification data is verified, a user's access rating will be 
attested and program execution continuation, access to a file, etc. will be allowed 
according to this. 

[0069] The above configuration is further explained taking the case of the execution 
control of an application program. 

[0070] In such a configuration, the user of an application program holds the user proper 
information 16 for even free first. User proper information is the important only 
information that it is equivalent to the password in password authentication, and a 
user's identity is proved. Since a user without the just right of use will also be allowed 
use of an application program etc. when a user can copy and distribute the user proper 
information 16, the user proper information 16 is protected by the defense means so 
that the user who is the just holder cannot steal this, either. The hardware (it is 
hereafter called tamper-proof hardware) which has the defense force to theft of the 



internal state by the probe can constitute this defense means. About the 
implementation technique of tamperp roof hardware, it mentions later. 
[0071] Moreover, in addition to the above-mentioned user proper information 16, the 
certification data generator 17 which performs predetermined count procedure is given 
to a user. This program 17 is for communicating with the user authentication routine in 
application (certification data verification routine 15), and if two parameters, the user 
proper information 16 and the access ticket 13, are given, it will generate the 
certification data 19 which calculate to the input value of arbitration and prove a user's 
identity. Although the user proper information 16 is used in process of this count, since 
there is a problem when the user proper information 16 is revealed outside for the 
reason explained above, a part of above-mentioned program [ at least ] needs to be 
protected by the above-mentioned defense means. 

[0072] Suppose that the user proper information storage means protected by the 
above-mentioned defense means and a part of program, the equipment (for example, 
constituted by memory and MPU) for performing this program part, and the 
above-mentioned defense means are combined hereafter, and it is called a token (the 
sign 20 of drawing 1 shows). A token can also be considered as the configuration which 
has portability like an IC card. 

[0073] On the other hand, into an application program, the certification data 
verification routine 15 is incorporated like the conventional execution control technique. 
The certification data verification routine 15 is the same as that of the conventional 
technique in the point created so that it may communicate with the above-mentioned 
certification data generator 17 which a user holds, a reply result (certification data 19) 
may restrict to a right case and it may continue program execution. Therefore, the 
programmer needs to learn how to calculate the combination of transmit data (data 18 
for authentication), and the right reply data (certification data 19) to it. 
[0074] Several operations of the certification data verification routine 15 are described 
below. 

1. Into the certification data verification routine 15, the reply data (expected value) it is 
expected that are data (data 18 for authentication) which should be transmitted are 
embedded. The certification data verification routine 15 takes out the above-mentioned 
transmit data, transmits to a user, and receives a reply from a user. Subsequently, the 
reply data and the above-mentioned expected value from a user are compared, when 
both are in agreement, the next step of a program is performed, and program execution 
is stopped when not in agreement. 

[0075] Here, in being as a result of the encryption to which reply data follow the 



predetermined encryption algorithm of transmit data, the description information on 
access rating authentication serves as an encryption key. 

[0076] 2. Into the certification data verification routine 15, the data which should be 
transmitted, and the data (expected value) which gave the one-way function to the reply 
data expected are embedded. The certification data verification routine 15 takes out the 
above-mentioned transmit data, transmits to a user, and receives a reply from a user. 
Subsequently, when both are in agreement with reply data firom a user in the value 
which gave the top Norikazu directional function as compared with the 
above-mentioned expected value, the next step of a program is performed, and program 
execution is stopped when not in agreement. 

[0077] Here, in being as a result of the encryption to which reply data follow the 
predetermined encryption algorithm of transmit data, the description information on 
access rating authentication serves as an encryption key. 

[0078] 3. Give the protection it is made to become impossible [ this program execution ] 
by enciphering according to the encryption algorithm which was able to define a part of 
code of an application program beforehand. The certification data verification routine 15 
transmits the code by which encryption was carried out [ above-mentioned ] to a user, 
and performs procedure which replaces with the code before encryption the value 
received as the reply. 

[0079] According to the above configuration, it restricts, when it is right decode of the 
code as which reply data were enciphered, and this program execution becomes possible. 
The description information on the access rating authentication in this case serves as a 
decode key for decoding the enciphered code. 

[0080] 4. Give the protection it is made to become impossible [ this program execution ] 
by enciphering according to the encryption algorithm which was able to define a part of 
code of an application program beforehand. Furthermore, it embeds into the 
certification data verification routine 15 by using as transmit data the data which 
enciphered separately the encryption key used for encryption of the above-mentioned 
code, and the decode key which makes a pair. The certification data verification routine 
15 transmits the decode key by which encryption was carried out [ above-mentioned ] to 
a user, and decodes the code by which encryption was carried out [ above-mentioned ] by 
using as a decode key the value received as the reply. 

[0081] According to the above configuration, when reply data are the decode key 
decoded correctly, the code by which encryption of the hook was carried out 
[ above-mentioned ] is decoded correctly, and this program execution of it becomes 
possible. The description information on the access rating authentication in this case 



serves as a decode key for decoding the enciphered decode key. 

[0082] Now, with the conventional execution control technique, user proper information 
(a user's authentication key) is the same as the description information on access rating 
authentication. The conventional certification data generating routine calculates reply 
data by considering as an input the description information on access rating 
authentication, and the data transmitted from the certification data verification routine. 
[0083] On the other hand, the user proper information 16 and the description 
information 14 on access rating authentication have the description of this invention in 
a mutually-independent point, the data (data 18 for authentication) with which the 
certification data generator 17 was transmitted from the user proper information 16 
and the certification data verification routine 15 also in this example of a configuration 
- in addition, reply data (certification data 19) are calculated by considering the access 
ticket 13 as an input. This configuration has the following properties. . 
[0084] 1. The access ticket 13 is data calculated based on the specific user proper 
information 16 and the description information 14 on access rating authentication. 

2. It is impossible in computational complexity at least to calculate the description 
information 14 on access rating authentication for the user proper information 16 from 
the access ticket 13 to not knowing. 

3. The certification data generator 17 calculates right reply data only within the case 
where the right combination of the user proper information 16 and the access ticket 13, 
i.e., the combination of the access ticket 13 calculated based on the user proper 
information 16 and this user proper information 16, is inputted. 

[0085] By the above, a programmer can perform execution control by a user possessing 
the user proper information 16 beforehand by creating an application program 
independently [ the user proper information 16 which a user possesses ], creating the 
access ticket 13 according to the user proper information 16 and the description 
information 14 on access rating authentication used for creation of an application 
program, and distributing. 

[0086] Moreover, the proper information which shall consist of two proper information 
and uses the user proper information 16 on the occasion of creation of the access ticket 
13, and the proper information which a user uses in a communications program can also 
be distinguished and used. The most typical example is the approach of making user 
proper information 16 a public key pair, and exhibiting a public key, using for access 
ticket creation, and enclosing the individual key into the token 20 as a user individual's 
confidential information. In this case, it becomes possible by enabling it to calculate the 
access ticket 13 from the description information 14 on access rating authentication, 



and the public key of the above-mentioned public key pair to calculate the access ticket 

13, keeping the user proper information 16 secret. 

[0087] 

[Example] It is based on an example about a concrete configuration by the next, and 
explains. 

[Whole configuration] 

[0088] Before describing the example according to concrete individual, the overview of 
the operation gestalt of this invention is described below. 

[0089] First, the case where this invention is used for the execution control of the 
application program which operates on a user's PC or a workstation is described. 
Drawing 2 shows the whole equipment configuration in this operation gestalt. In 
addition, in drawing 2 R> 2, the sign corresponding to a corresponding part is attached 
with drawing 1 , and detailed explanation is not repeated. 

[0090] In this operation gestalt, certification data generation equipment 11 is realizable 
as a program 32 for certification on the computer 31 which a user uses. Under the 
present circumstances, in order to raise the safety of the proper information (user 
proper information) for identifying a user, it is also possible to use together the 
hardware 33 for certification (an IC card, board, etc.) with which this computer 31 is 
equipped and which has a tamper-proof property. Under the present circumstances, if 
hardware with portability like an IC card is used, it is convenient when a user works on 
two or more PCs or a workstation. 

[0091] Certification data verification equipment 10 is constituted as a part of 
application program 34 which this user uses. That is, if a user starts this application 
program 34 on PC or a workstation, the certification data verification equipment 10 
described as a program in this application program 34 is started, it will communicate 
with certification data generation equipment 11, user authentication will be performed, 
and activation of this application program will be enabled only within the case where a 
communication link is completed correctly. 

[0092] In order for a user to use said application program 34 with which certification 
data verification equipment 10 was embedded, it is published by user him and it is 
necessary to acquire the auxiliary information for certification corresponding to said 
application program (access ticket). When user proper information is enclosed with the 
IC card, a user equips said PC or workstation with an IC card, for example, while 
registering the acquired access ticket into the program 32 for certification installed on 
said PC or the workstation. 

[0093] Certification data generation equipment 11 (constituted by the program and IC 



card on PC or a workstation) calculates based on user proper information and an access 
ticket, and performs a communication link with certification data verification 
equipment 10 based on the count. 

[0094] As a result of a communication link, when user proper information, the access 
ticket, and said application program 34 with which certification data verification 
equipment 10 was embedded correspond surely [ three ], it restricts that authentication 
by certification data verification equipment 10 is successful. 

[0095] Authentication is not successfiil when either user proper information or an 
access ticket is missing. 

[0096] An access ticket is published by specific addressing to a user. That is, a specific 
user's user proper information is used on the occasion of generation of an access ticket. 
When the user proper information used for an access ticket generate time and said user 
proper information used by certification data generation equipment 11 are not in 
agreement, authentication is not successful too. 

[0097] Moreover, an access ticket is generated based on the description information on 
specific access rating authentication, and certification data verification equipment 10 is 
constituted so that the description information on this access rating authentication may 
be attested. Therefore, authentication is not successful also when the description 
information used as the basis of generation of an access ticket and the description 
information which the certification data verification equipment 10 currently embedded 
at the application program 34 tends to attest do not correspond mutually. 
[0098] In addition, in drawing 2 , 35 is control programs, such as an operating system, 
and 36 shows hardware at large. 

[0099] Moreover, it is good also as that with which it performs on another computer by 
which the application program 34 was combined by the network, and an activation 
result communicates to the computer which a user uses through a network. In this case, 
it becomes a configuration based on the so-called server client model. In the case of 
execution control of the application program performed on a user's PC described 
previously or a workstation, when a server client model is followed to the 
communication link with certification data generation equipment 11 and certification 
data verification equipment 10 being performed as the so-called interprocess 
communication, the communication link with certification data generation equipment 
11 and certification data-verification equipment 10 is performed as a communication 
link according to network protocols, such as TCP/IP. 

[0100] Moreover, also when the application program is constituted on the dedicated 
device, it is possible to apply this invention. For example, the whole certification data 



generation equipment shall be mounted in an IC card, and the acquired access ticket 
shall also be registered into an IC card. Although certification data verification 
equipment is mounted on said dedicated device, this dedicated device is equipped with 
the slot for inserting an IC card, and a user attests by inserting the IC card owned into 
this slot. The configuration by such dedicated device is applicable to the ATM machine 
of a bank, the game machine in a game center, etc. 

[0101] About acquisition of the access ticket by the user, there are an approach of a 
common pin center,large generating according to the issue request from a user, and 
distributing and an approach which the implementer of an application program borrows 
the assistance of an access ticket issue program or access ticket generation equipment, 
and generates according to an individual. 

[0102] Although it is good also as what is delivered by the user through portable mold 
storages, such as a floppy disk, since the access ticket is equipped with sufficient safety, 
the generated access ticket may be constituted so that it may be delivered through a 
network using an electronic mail etc. 

[0103] The safeties of an access ticket are the following two properties. 
[0104] the user by whom an access ticket is a registered form, namely, the access ticket 
was published - only he (holder of the user proper information that it was correctly 
used for the access ticket generate time) can operate certification data generation 
equipment correctly using this access ticket. Therefore, even if a holder in bad faith 
intercepts a network and gets other users' access ticket unjustly, unless this third 
person gets the user proper information of the user of the normal which is the issue 
place of an access ticket, it is impossible to use this access ticket. 

[0105] The access ticket holds still stricter safety. That is, even if a holder in bad faith 
collects the access tickets of the arbitration number and performs what kind of analysis, 
it is impossible to constitute equipment which another access ticket is forged 
[ equipment ] based on the acquired information, or actuation of certification data 
generation equipment is copied [ equipment ], and forms authentication. 
[0106] Below, it is based on an example and a more concrete configuration is explained. 
[The first example] 

[0107] In the first example in this invention, the access ticket t is data generated based 

on the following formula 1. 

[Equation l] (l) t = D-e+omegaphi (n) 

Each notation in an upper type expresses the following. 

[0108] n is the product of the number p and q of the RSA methods, i.e., the two 
sufficiently big prime factors, (n=pq). 



[0109] phi (n) is the Euler number of n, i.e., the product of p-1 and q-1, (phi (n) = (p-l) 
(q-D). 

[0110] The user proper information e is a different number for every user, and it is used 
in order to identify a user. 

[01 11] the access ticket private key D law - it is a RSA private key under a number n, 
and a formula 2 is filled. 

[Equation 2] (2) gcd(D, phi (n)) =1 - here, gcd (x y) expresses the greatest common 
measure of more than 2 [ x ] and y. The property expressed by the formula (2) 
guarantees that several E which fills a formula 3 exists. 
[Equation 3] 

(3) ED mod phi (n) = IE is called an access ticket public key. 

[0112] omega is a number which becomes settled depending on n and e, and when n 
differs either from e, its value of the corresponds easily, twists it (it does not collide), and 
it is defined like. There is also a method of omega setting and defining omega like a 
formula 4 as an example of the direction using one-way hash function h. 
[Equation 4] (4) Omega=h (n I e) 

However, notation | expresses junction of a bit string. 

[0113] One-way hash functions are x which fills h(x) =h (y) and which is different from 
each other, and a function in which computing y has the property in which it is 
remarkable and difficult. As an example of an one-way hash function, it is RSA. Data 
Security The specification SHS (Secure Hash Standard) by MD2 and MD4 by Inc., MD5, 
and the U.S. federal government is known. 

[0114] In the number which appeared during the above "mentioned explanation, t, E, 
and n can be exhibited and D, e, omega, p, remaining q, and remaining phi (n) need to 
be secret in addition to those who have the right which creates a ticket. With reference 
to drawing, the first example is further explained to a detail. Drawing 3 shows the 
configuration of the first example in this invention, and drawing 4 shows the flow of the 
data in drawing 3 . In drawing 3. certification data verification equipment 10 is 
constituted including the access ticket public key storage section 101, the 
random-number-generation section 102, the random-number storage section 103, the 
received-data storage section 105, the verification section 106, the activation section 107, 
and the error-processing section 108. Moreover, certification data generation equipment 
11 is constituted including the received-data storage section 111, the 1st operation part 
112, the access ticket storage section 113, the 2nd operation part 114, the user proper 
information storage section 115, and the certification data generation section 116. 
[0115] Actuation is explained below. 



1. When a user accesses, certification data verification equipment 101 is started. The 
following gestalten can be considered about starting of certification data verification 
equipment 10. 

[0116] When certification data verification equipment 10 is constituted as a part of 
application program which operates on a user's PC or a workstation, a user starts this 
application program by the usual approach using designating devices, such as a 
keyboard or a mouse. Certification data verification equipment 10 is started by things 
by reaching the program whose activation of an application program constitutes 
certification data verification equipment 10. 

[0117] certification data verification equipment 10 constitutes on other PCs tied with 
the network, or a workstation (it is called a server) - having - **** - a case •- a user - 
oneself - when the communications program on PC or a workstation is started and this 
communications program performs a communicative open request to said server 
according to a predetermined procedure, certification data verification equipment 10 is 
started. For example, in case a user's communications program communicates with a 
server, supposing it follows the procedure called TCP/IP, it will enable the demon (inetd) 
on a server to start certification data verification equipment 10 according to a TCP 
connection request by matching certification data verification equipment with the 
specific port of a server beforehand, and setting up so that a user's communications 
program may specify this port further and a TCP connection request may be required of 
a server. Such an implementation approach is widely used in networks, such as the 
Internet. 

[0118] It is also possible to use certification data verification equipment 10 as the 
equipment of the exclusive purpose. For example, certification data verification 
equipment 10 can be constituted as a program written in the program or EEPROM 
which was able to be burned on ROM in an IC card reader writer, and certification data 
generation equipment 11 can be considered as the program mounted in the 
microcontroller of an IC card. In this case, when a user inserts an IC card in a reader 
writer, certification data verification equipment 10 is started. 

[0119] 2. the law of the RSA cryptograph certification data verification equipment 10 is 
remembered to be by the data C for authentication, and the access ticket public key 
storage section 101 - although a number n is written in the received-data storage 
section 111 in certification data generation equipment 11, this data C for authentication 
is generated by the following approaches. 

[0120] By the random-number-generation section 102 in certification data verification 
equipment, a random number r is generated so that it may become the number n of the 



RSA methods and relatively prime which are held at the access ticket public key storage 
section 101, and it records on the random-number storage section 103. Furthermore, let 
this random number r be the data C for authentication, the certification data which 
certification data generation equipment 11 returns in this case so that it may mention 
later - C " law - it becomes what was enciphered using RSA cryptograph also as ** of a 
number n. 

[0121] Since the value of C is the random-number r itself, it turns into a different value 
at every communication link, and has the effectiveness of preventing a replay attack. 
[0122] 3. the RSA method which the 1st operation part 112 in certification data 
generation equipment 11 acquired the access ticket t memorized by the access ticket 
storage section 113, and was written in the received-data storage section 111 - it is a 
several n basis, and perform a formula 5 and obtain middle information R\ 
[Equation 5] (5) R—Ct mod n [0123] 4. a user's proper information e that the 2nd 
operation part 114 in certification data generation equipment 11 is memorized by the 
user proper information storage section 115 -- acquiring - count of a formula 6 - 
performing - difference " acquire Information S. 

[Equation 6] (6) S=Ce mod The certification data generation section 116 in n5. 
certification data generation equipment 11 obtains R' and S from the 1st and 2nd 
operation part 112 and 114, calculates a formula 7 and obtains R. 

[Equation 7] (7) R=R f S mod n [0124] 6. Certification data generation equipment 11 
returns R to the received-data storage section 105 of certification data verification 
equipment 10. 

[0125] 7. the open characteristic E and the RSA method the verification section 106 in 
certification data verification equipment 10 is held first at the certification data R 
returned to the received-data storage section 105, and the access ticket public key 
storage section 101 - calculate a formula 8 based on several n. 

[Equation 8] (8) RE mod It confirms that a formula 9 is realized by n Ranking second 
and comparing with this count result the random number C (=r) currently held in the 
random-number storage section 103. 
[Equation 9] 

(9) C mod n = RE mod When n type (9) is materialized, the activation section 107 is 
started, processing is continued, when not materialized, the error-processing section 
108 is started and error processing is performed. 

[0126] [the second example] - the configuration of the access ticket t in the second 
example of this invention and the operation of certification data certification equipment 
are the same as that of it in said first example. The data for authentication which 



certification data verification equipment 10 generates in the second example to 
certification data having been a data encryption for authentication in the first example 
are encryption (with the random-number effectiveness) of certification data, and 
certification data generation equipment 11 decodes the data for authentication, and 
generates certification (have maintained random-number effectiveness) data. With 
reference to drawing, the second example is further explained to a detail. Drawing 5 
shows the configuration of the second example in this invention, and drawing 6 shows 
the flow of the data in drawing 5 . In drawing 5. certification data verification 
equipment 10 is constituted including the access ticket public key storage section 101, 
the random-number- generation section 102, the random-number storage section 103, 
the received-data storage section 105, the random-number-ized section 121, the ** data 
storage section 122 for authentication, the random-number effectiveness removal 
section 123, and the activation means 310. Moreover, certification data generation 
equipment 11 is constituted including the received-data storage section 111, the 1st 
operation part 112, the access ticket storage section 113, the 2nd operation part 114, the 
user proper information storage section 115, and the certification data generation 
section 116. 

[0127] Actuation is explained below. 

1. When a user accesses, certification data verification equipment 10 is started. 
[0128] It is not different from the case of the first example for the server program on the 
server connected through PC, workstation, and network of the application program and 
user who operate on a user's PC or a workstation or all of the equipment of dedication 
like an IC card reader writer to be possible as the implementation approach of 
certification data verification equipment. 

[0129] 2. the law of the RSA cryptograph by which certification data verification 
equipment 10 is held at the data C for authentication, and the access ticket public key 
storage section 101 - although a group with a number n is written in the received-data 
storage section 111 in certification data generation equipment 11, the data C for 
authentication are generated by the following approaches. 

[0130] By the random-number-generation section 102 in certification data verification 
equipment, a random number r is generated so that it may become the number n of the 
RSA methods and relatively prime which are held at the access ticket public key storage 
section 101, and it records on the random-number storage section 103. the open 
characteristic E as which the random-number-ized section 121 is stored in the access 
ticket public key storage section 101, and law - a formula 10 is calculated by acquiring 
a number n and acquiring data C 1 further memorized by the ** data storage section 122 



for authentication. 

[Equation 10] (10) C=rEC* mod n - here, ** data C f for authentication is the value which 
was generated so that relational expression 11 might be filled to Data K, and was stored 
in the ** data storage section 122 for authentication. 

[Equation 11] (ll) C -KE mod n here, if certification data verification equipment 10 is 
constituted so that Data K may not be held to certification data verification equipment 
but only C which it is as a result of the encryption may be held instead, risk of Data K 
being revealed from certification data verification equipment 10 is avoidable. 
[0131] if it sees fundamentally - the data C for authentication - law - the basis of a 
number n - RSA cryptograph using - Data K - enciphering - certification data 
generation equipment 11 - C - law - Data K are reproduced by decoding using RSA 
cryptograph under a number n. However, since it always becomes the same thing and 
the so-called replay attack becomes possible, the communication link between 
certification data verification equipment 10 and certification data generation equipment 
11 gives the random-number effectiveness to the data for authentication using a 
random number r, and in case it verifies the data which certification data generation 
equipment 11 returns, it consists of as [ this ] so that the random-number effectiveness 
may be removed. 

[0132] 3. the RSA method which the 1st operation part 112 in certification data 
generation equipment 11 acquired the access ticket t memorized by the access ticket 
storage section 113, and was written in the received-data storage section 111 - perform 
a formula 12 by the several n basis, and obtain middle information R\ 
[Equation 12] (12) R'=Ct mod n [0133] 4. a user's proper information e that the 2nd 
operation part 114 in certification data generation equipment 11 is memorized by the 
user proper information storage section 115 - acquiring count of a formula 13 " 
performing - difference - acquire Information S. 

[Equation 13] (13) S=Ce mod The certification data generation section 116 in n5. 
certification data generation equipment 11 obtains R' and S from the 1st and 2nd 
operation part 112 and 114, calculates a formula 14 and obtains R. 

[Equation 14] (14) R=R'S mod n [0134] 6. Certification data generation equipment 11 
returns R to the received-data storage section 105 of certification data verification 
equipment 10. 

[0135] 7. The random-number effectiveness removal section 123 in certification data 
verification equipment 10 takes out the certification data R from the random number r 
previously generated out of the random-number storage section 103, and the 
received-data storage section 106, and calculates a formula 15. 



[Equation 15] (15) K 1 - the combination of the proper information e of the access ticket t 
used in =i-1R mod n certification data generation equipment 11, and a user - a right 
case - as long as - note that K' obtained as a result of count and K are in agreement. 
[0136] Although calculated K f is handed over by the activation means 310 in 
certification data verification equipment 10, the activation means 310 is constituted so 
that it may restrict when K-K is materialized, and processing of normal may be 
performed. 

[0137] Below, several construction of the activation means 310 in certification data 
verification equipment 10 is described. 

[0138] 1. Memorize Data K beforehand to storage section 310a in the example activation 
means 310 of a configuration of drawing 7 . Comparator 310b in the activation section 
310 compares directly K' which removes the random-number effectiveness and is 
obtained from the certification data R sent from this K and certification data generation 
equipment 11, when K—K is materialized, it restricts it, it performs processing of 
normal, and when not materialized, error processing of stopping processing is 
performed ( drawing 8 ). 

[0139] There is a weak spot on the insurance that the data K used for verification 
appear in equipment in this example of a configuration. For example, it is not 
necessarily impossible to analyze a program and to steal K, when constituted as 
certification data verification equipment 10 and a program to which the activation 
means 310 operates on a user's PC or a workstation especially, even if difficult. The 
value of K serves as a place which a user gets to know, and becomes possible 
[ constituting the equipment which copies / that the random number generated with 
certification data verification equipment can be expected further and / actuation of 
certification data generation equipment ], and unlawful access of it by spoofing is 
attained. 

[0140] 2. Since the fault of the example above of a configuration of drawing 9 is 
improved, the data memorized by storage section 310a can also be set to data h (K) 
obtained by not the K itself but K by giving the above-mentioned one-way hash function 
h. It is remarkably difficult to compute x which fills y=h (x) from the data y memorized 
by storage section 310a from the property of an one-way hash function. 
[0141] The activation section 310 has transducer 310c which returns the result of 
having given the one-way hash function to the input data. Comparator 310b compares 
the data (=h (K)) memorized by the output h of the above-mentioned transducer 310c 
(KO, and storage section 310a ( drawing 10 ). 

[0142] In this example of an approach, since it is remarkably difficult to calculate h (K) 



to K which the data K used for verification did not appear in the program, and was 
memorized by storage section 310a, it can be said that it is safer than the example of 
drawing 7 . 

[0143] Program execution is controlled by this configuration to be shown in drawing 10 . 
[0144] However, in the program, comparator 310b is constituted as conditional 
statement, when it is certification data verification equipment 10 and the program to 
which the activation means 310 operates on a user's PC or a workstation especially, 
with a configuration for which analysis and an alteration of a program are 
comparatively easy, is the point which can alter a program so that this conditional 
statement may be skipped, and, in addition, has the weak spot. 

[0145] 3. Hold in the ** data storage section 122 for authentication in the example of a 
configuration of the example 3rd of a configuration of drawing 11 , using as ** data Cfor 
authentication 1 the data which enciphered a part or all of a program of a code. [ of 
certification data verification equipment 10 ] [ of the activation section 310 ] That is, K 
is a part or all of a code of an activation section program. 

[0146] The activation means 310 embeds data K* which removes the random-number 
effectiveness and is obtained from the reply data from certification data generation 
equipment 11 in the location where it was beforehand set in the program. That is, the 
activation means 310 has 310d of code storage sections which memorize data K' as a 
code, code incorporation section 310e which incorporates this code in a program, and 
310f of code activation sections which perform a program. When certification data 
generation equipment 11 answers a letter in right data, activation of a program is 
attained only within the case where it is K -K ( drawing 12 ). 

[0147] Unjust activation can be prevented even when [ with comparatively low safety ] 
the activation means 310 consists of this example of a configuration as an application 
program which operates on a user's PC or a workstation, since a part or all of a code 
indispensable to program execution is enciphered. 

[0148] The case where the activation means 310 is constituted as an application 
program which operates on a user's PC or a workstation is taken for an example, and a 
still more detailed configuration is described. 

[0149] 310d of code storage sections in which certification data are written is the storage 
region where it was specified in the computer. 

[0150] 310f of code activation sections is CPU and OS of a computer. CPU and OS 
cooperate and execute in order the run command memorized to the program field of a 
computer. A series of run commands which offer a specific function are called a program 
code. 



[0151] The stereo of code incorporation section 310e is a program code first performed in 
the activation means 310. Code incorporation section 310e can direct the address of 
310d of code storage sections in 310f of code activation sections directly and indirectly. 
For example, code incorporation section 310e may direct the physical address of 310d of 
code storage sections in 310f of direct-code activation sections, when OS of a computer 
performs virtual addressing, code incorporation section 310e may direct the virtual 
address of 310d of code storage sections, and the approach of changing into a physical 
address the virtual address received via CPU is sufficient as OS. 

[0152] If code incorporation section 310e which is a program is started where 
certification data are written in 310d of code storage sections, it will order 310f of code 
activation sections, and code incorporation section 310e will perform them so that the 
contents memorized to the address of 310d of code storage sections may be written out 
to the specific address of the program field on a computer. 

[0153] Subsequently, code incorporation section 310e orders 310f of code activation 
sections using a JMP instruction etc. to execute the run command of the specific address 
in a program field to which ordered 3JL0f of code activation sections, and the contents of 
storage of 310d of code storage sections were made to write out. 

[0154] In this example of a configuration, if certification data are correctly generated by 
certification data generation equipment 11, data after removing the random-number 
effectiveness will be a series of run commands 310f of program codes, i.e., the code 
activation section. Therefore, with the above-mentioned configuration, the program 
code decoded by the certification data generation means 11 will be performed following 
on the program code of code incorporation section 310e. 

[0155] 4. In the example of a configuration of the example 3rd of a configuration of 
drawing 13. a decode key required in order to decode the enciphered code can also be set 
to K. According to this configuration, it cannot be concerned with the size of the code to 
encipher, but it can become possible to hold down the size of K, i.e., the size of** data C 
for authentication, to a small fixed value, and a communicative overhead can be 
decreased. 

[0156] The activation section 310 decodes the code of the field where it was beforehand 
set in the program using data K' which removes the random-number effectiveness and 
is obtained from the reply data from certification data generation equipment 11. That is, 
the activation section 310 has 310g of program store sections which memorize the 
enciphered program, 310h of decode sections which read the enciphered program and 
are decoded using data K\ code takeoff-connection 310i that takes out the decoded code, 
and 310f of code activation sections which perform the taken-out code. 



[0157] The case where the activation means 310 is constituted as an application 
program which operates on a user's PC or a workstation is taken for an example, and a 
still more detailed configuration is described. 

[0158] 310g of program store sections the enciphered program code is remembered to be 

is the storage region where it was specified in the computer. 

[0159] 310f of code activation sections is CPU and OS of a computer. 

[0160] 310g of program store sections can presuppose that it is a hard disk etc. a file 

space on an auxiliary storage unit. That is, the enciphered program code is memorized 

as a file. 

[0161] The stereo of 310h of decode sections is a program code first performed in the 
activation means 310. 310h of decode sections can direct the address of 310g of program 
store sections in 310f of code activation sections directly and indirectly. 
[0162] Where K 1 is given, when 310h of decode sections which are a program is started, 
310h of decode sections The data memorized by 310g of program store sections are read 
for every block of order or the defined die length. Predetermined decode processing 
which used K 1 as the decode key is performed to the data, it orders 310f of code 
activation sections, and they are performed so that the decode result may be written out 
to the specific address of the program field on a computer. It means writing the result of 
having performed the predetermined decode algorithm in the specific location in a 
program field by using K 1 as a decode key to the encryption data memorized by 310g of 
program store sections by this processing. 

[0163] Subsequently, 310h of decode sections orders 31 Of of code activation sections 
using a JMP instruction etc. to execute the run command of the specific address in a 
program field to which the program code which ordered to 310f of code activation 
sections, and was decoded was made to write out. 

[0164] In this example of a configuration, if certification data are correctly generated by 
certification data generation equipment 11, the value after removing the 
random-number effectiveness will serve as a decode key for decoding correctly the 
enciphered program code which is memorized by 310g of program store sections. Using 
this decode key, 310h of decode sections decodes said encryption program code, and they 
order 310f of code activation sections to load the program code which it is as a result of 
decode to a program field, and to perform said loaded program code. Therefore, with the 
above-mentioned configuration, the program code decoded using the decode key decoded 
by the certification data generation means 11 will be performed following on the 
program code of 310h of decode sections ( drawing 14 ). 
[The third example] 



[0165] In the third example in this invention, the access ticket t is data generated based 
on the following formula 16. 
[Equation 16] 

(16) t = D+F(n,e) 

Each notation in an upper type expresses the following. 

[0166] n is the product of the number p and q of the RSA methods, i.e., the two 
sufficiently big prime factors, (n=pq). 

[0167] The user proper information e is a different number for every user, and it is used 
in order to identify a user. 

[0168] phi (n) is the Euler number of n, i.e., the product of p-1 and q-1, (phi (n) = (p-l) 
<q-D). 

[0169] the access ticket private key D - law - it is a RSA private key under a number n, 
and a formula 17 is filled. 
[Equation 17] 

(17) gcd(D, phi (n)) =1 - here, gcd (x y) expresses the greatest common measure of more 
than 2 [ x ] and y. The property expressed by the formula (17) guarantees that several E 
which fills a formula 18 exists. 

[Equation 18] 

(18) ED mod phi (n) = IE is called an access ticket public key. 

[0170] The 2 variable function F (x y) is a 2 variable function with which a function 
value cannot collide easily, for example, can be defined like a formula 19 using the 
above-mentioned one-way hash function h. 
[Equation 19] 

(19) F(x,y)=h(x|y) 

With reference to drawing, the second example is further explained to a detail. Drawing 
15 shows the configuration of the third example in this invention, and drawing 16 shows 
the flow of the data in drawing 15 . In drawing 15. certification data generation 
equipment 11 is constituted including the received-data storage section 111, the 1st 
operation part 112, the access ticket storage section 113, the 2nd operation part 114, the 
user proper information storage section 115, the certification data generation section 
116, and the characteristic generation section 130. Certification data verification 
equipment 10 can adopt the configuration of the first example ( drawing 3 ) or the 
second example ( drawing 5 ). Here, explanation is not repeated. 
[0171] The actuation in this configuration is explained below. 
1. When a user accesses, certification data verification equipment 10 is started. 
[0172] It is not different from the case of the first and the second example for the server 



program on the server connected through PC, workstation, and network of the 
application program and user who operate on a user's PC or a workstation or all of the 
equipment of dedication like an IC card reader writer to be possible as the 
implementation approach of certification data verification equipment 10. 
[0173] 2. the law of the RSA cryptograph certification data verification equipment 10 is 
remembered to be by the data C for authentication, and the access ticket public key 
storage section 101 -■ write a group with a number n in the received-data storage section 
111 in certification data generation equipment 11. 

[0174] Since both the approach stated in the first example and the approach stated in 
the second example are applicable as a generation method of C, it does not limit 
especially here. C generated by said one of approaches shall be written in the 
received-data storage section 111 in certification data generation equipment 11. 
[0175] 3. the RSA method which the 1st operation part 112 in certification data 
generation equipment 11 acquired the access ticket t memorized by the access ticket 
storage section 113, and was written in the received-data storage section 111 perform 
a formula 20 by the several n basis, and obtain middle information R\ 
[Equation 20] (20) R-Ct mod n [0176] 4. The characteristic generation section 130 in 
certification data generation equipment 11 acquires a user's proper information e 
memorized by the user proper information storage section 115, and performs count of a 
formula 21. 

[Equation 21] (21) F(n,e) 

[0177] 5. the data with which the 2nd operation part 114 in certification data generation 
equipment 11 was generated in the characteristic generation section 130 - using - 
count of a formula 22 - performing difference - acquire Information S. 
[Equation 22] (22) S=CF (n, e) mod The certification data generation section 116 in n6. 
certification data generation equipment 11 obtains R' and S from the 1st and 2nd 
operation part 112 and 114, calculates a formula 23 and obtains R. 

[Equation 23] (23) R=R f S -1 mod n, however S-l - law the inverse number of S under 
n, i.e., the number which fills a formula 24, is expressed. 

[Equation 24] (24) S-S -1 mod n= 1 [0178] 7. Certification data generation equipment 11 
returns R to the received-data storage section 105 of certification data verification 
equipment 10. 

[0179] 8. Although the certification data received from certification data generation 
equipment 11 are verified with certification data verification equipment 10, the 
verification approach changes with generation methods of C which is some data for 
authentication. 



[0180] If C is generated based on the approach of the first example, the verification will 

be performed according to the approach stated to the first example. 

[0181] If C is generated based on the approach of the second example, the verification 

will be performed according to the approach stated to the second example. 

[The fourth example] 

[0182] The case where it is constituted from the fourth example by the portable 
operation means of the IC card with which a user's PC, the program on a workstation 
and. said PC, or a workstation is equipped with certification data generation equipment, 
or a PC card (PCMCIA card) in the first thru/or the third example is described. 
[0183] In the certification data generation equipment 11 of the first thru/or the third 
example, the user proper information e is confidential information, and attention must 
be paid [ not revealing outside and ]. Moreover, when actuation of the 2nd operation 
part 114 which performs count using the user proper information e is observed, there is 
risk of the user proper information e being revealed. It is also the same as when the 
computation of the function F in the third example (x y) is observed. That is, in order to 
prevent leakage of the user proper information e, it must prevent that the interior of the 
user proper information storage section 115, the 2nd operation part 114, and the 
characteristic generation section 130 is observed from the outside. In order to attain 
this purpose, it is effective if some certification data generation equipments 11 are 
constituted as hardware. 

[0184] If the means which has portability like an IC card and a PC card as such 
hardware will be used, a user's convenience can be raised further. Parts peculiar to a 
user among certification data generation equipment are only the user proper 
information storage section and the access ticket storage section. Therefore, for example, 
the user proper information storage section 115 and the access ticket storage section 113, 
If the 2nd operation part 114 and the characteristic generation section 130 will be 
constituted in an IC card and a PC card and it will constitute as a program which 
operates on PC with which a user uses the remaining part of certification data 
generation equipment, or a workstation A part peculiar to each user will be realized 
among certification data generation equipment 11 as the IC card and a PC card which 
each user can carry, and the intersection independent of a user will be constituted 
common to PC or the workstation of arbitration as a program. It becomes possible only 
by every user equipping with his own IC card and PC card PC or the workstation of 
arbitration by which it was installed in said program by such configuration to use this 
PC or a workstation as certification data generation equipment for oneself. 
[0185] Now, hardware with the special configuration for preventing data and the 



program which were stored in the internal memory being observed from the outside, or 
being altered is called tamper-proof hardware (tamper REJISUTANTO hardware). As 
construction of tamper-proof hardware, patent No. 1863953, patent No. 1860463, 
JP,3*100753,A, etc. are known, for example. 

[0186] In patent No. 1863953, the envelopment object which consists of two or more 
cards which have various kinds of conductor patterns in the perimeter of an information 
storage medium is established. Storage information is destroyed when it differs from 
the pattern with which the conductor pattern detected is predicted. 

[0187] patent No. 1860463 - setting the perimeter of an information storage medium 
- a conductor - while forming a coil, it is preparing the detecting circuit which consists 
of an integrating circuit etc., and when invasion to an electronic-circuitry field is, 
fluctuation of electromagnetic energy is detected and storage information is destroyed. 
[0188] In JP,3-100753,A, an optical detector is prepared in the interior of hardware, an 
optical detector detects the outdoor daylight which enters when the force is applied and 
destroyed by hardware and it is punched, and a storage destructor resets storage 
information. 

[0189] The further convenience to a user can be offered by realizing such tamper*proof 
hardware as an arithmetic unit in which a cellular phone like an IC card or a PC card 
(PCMCIA card) is possible. 

[0190] Moreover, the microcontroller mounted in an IC card is supposed that it has high 
density assembly, therefore a tamper-proof property considerable at itself. 
[0191] a user proper information storage means 115 by which drawing 17 holds the user 
proper information e in the first and the second example, and difference — a second 
operation means 114 to generate information shows the configuration enclosed with 
tamper-proof hardware 160 like an IC card. 

[0192] the user proper information storage section 115 in which drawing 18 holds the 
user proper information e in the third example, and difference ■■ the 2nd operation part 
114 which generates information in addition, the configuration in which the 
characteristic generation section 130 is also enclosed with the tamper-proof hardware 
161 is shown. 

[0193] The IC card side I/F section 141 is an IC card side interface which manages the 
communication link of an IC card with a host, and, specifically, consists of a 
communication buffer and a communications program. The remaining part of the 
certification data generation equipment is constituted as a program which operates on a 
user's PC or a workstation. Since an operation of each means in the tamper-proof 
hardware 161 is as having stated to the first thru/or the third example, below, an 



operation of the part is not explained. Moreover, although tamper-proof hardware is 
assumed to be what is an IC card in order to give explanation simple, this assumption 
does not restrict the generality of this invention at all. Drawing 19 shows the flow of the 
data in drawing 17 and drawing 18 . 
[0194] Below, actuation is explained. 

1. When a user accesses, certification data verification equipment 10 is started. 
[0195] 2. the law of the RSA cryptograph certification data verification equipment 10 is 
remembered to be by the data C for authentication, and the access ticket public key 
storage section 101 — write a group with a number n in the received-data storage section 
111 in certification data generation equipment 11. 

[0196] 3. The host side interface section 140 in certification data generation equipment 
11 hands over the data C and n for authentication written in the received-data storage 
section 111 in the IC card side interface section 141. The host side interface section 140 
manages the data communication between a host and an IC card in harmony with the 
IC card side interface section 141 prepared into the IC card. 

[0197] 4. The access ticket retrieval section 142 searches and acquires the access ticket t 
memorized by the access ticket storage section 113 as a key of retrieval of the number n 
of the RSA methods. 

[0198] 5. The 1st operation part 112 performs a formula 25 under the number n of the 
RSA methods written in the received-data storage section 111, and obtains middle 
information R\ 

[Equation 25] (25) R-Ct mod n [0199] 6. subsequently, the host side interface section 
140 -- the IC card side interface section 141 - a command - publishing - as the return 
value -- difference " acquire Information S. 

[0200] the case where the means in an access ticket and an IC card is based on the first 
or the second example, and is constituted - difference — Information S is a value 
calculated by the formula 26. 

[Equation 26] (26) S=Ce mod n [0201] the case where the means in an access ticket and 
an IC card is based on the third example, and is constituted - difference - Information 
S is a value calculated by the formula 27. 

[Equation 27] (27) S=CF (n, e) mod When R' and S are obtained from the 1st and 2nd 
operation part 112 and 114, it is based on the first and the second example and the 
certification data generation section 116 in n7. certification data generation equipment 
11 is based on a formula 28 and the third example, it calculates a formula 29 and 
obtains R. 

[Equation 28] (28) R=R f S mod n - [Equation 29] (29) R=R'S -1 mod n [0202] 8. 



Certification data generation equipment 11 returns R to the received-data storage 
section 105 of certification data verification equipment 10. 

[0203] the above-mentioned operation - setting - middle information R' and difference 
— since count of Information S is performed by juxtaposition by the IC card side which 
contains a calculation function the host side who is a user's PC or workstation - the 
certification data generation means 11 the data C for authentication, and law - the 
execution time after receiving a number n until it calculates the certification data R can 
be shortened, and, therefore, processing effectiveness is raised. 

[0204] In this example, since those numbers n of the RSA methods differ if access tickets 
differ although two or more access tickets are memorized by the access ticket storage 
section 113, by using n as a key, it matches with n and an access ticket is remembered 
that retrieval is possible. 

[0205] Moreover, it is a base that the numbers n of the RSA methods which application 
and a server use for an access control differ for every application or server. 
[0206] The access ticket retrieval section 142 searches a suitable access ticket by using 
as a key the number n of the RSA methods given from certification data verification 
equipment 10, and presents generation of future certification data with it. By this 
retrieval function, certification data generation equipment 11 becomes possible 
[ calculating and returning suitable certification data according to the accessed object 
(the application according to individual, and server according to individual) ], without 
forcing a burden upon a user in any way. 

[0207] [the fifth example] — in the fifth example in this invention, a Pohlig-Hellman 
unsymmetrical key code is used instead of the RSA public key encryption used in the 
third example. 

[0208] a Pohlig-Hellman unsymmetrical key code law - the point using the big prime 
factor p as a number -■ it is — law - different outside from the RSA public key encryption 
using the product n of the two prime factors (= pq) as a number is the same cipher 
system as RSA public key encryption, however - RSA public key encryption - one key E 
and law - it was possible to have used D as an individual being secret from a number n, 
using E and n as a public key, since it was very difficult to calculate another key D. On 
the other hand, in a Pohlig-Hellman unsymmetrical key code code, from E and p, since 
D is easily calculable, E and p cannot be used as a public key. That is, it is necessary to 
make both E and D secret [ between persons concerned ], and the same use gestalt as a 
common key encryptosystem like DES (Data Encryption Standard) must be taken. 
[0209] In this example, the access ticket t is data generated based on the following 
formula 30. 



[Equation 30] 

(30) t = D+F(p,e) 

Each notation in an upper type expresses the following. 
[0210] p is the sufficiently big prime factor. 

[0211] The user proper information e is a different number for every user, and it is used 
in order to identify a user. 

[0212] the access ticket private key D - law - on the other hand, the key of the 
Pohlig-Hellraan code under a number p comes out, it is and a formula 31 is filled. 
[Equation 31] 

(31) gcd(D, p-l) =1 - here, gcd (x y) expresses the greatest common measure of more 
than 2 [ x ] and y. 

[0213] The property expressed by the formula 31 guarantees that several E which fills a 
formula 32 exists. 
[Equation 32] 

(32) ED mod p-l = 1 [0214] The 2 variable function F (x y) is a 2 variable function with 
which a function value cannot collide easily, for example, can be defined like a formula 
33 using the above-mentioned one-way hash function h. 

[Equation 33] 

(33) F(x,y)=h(x|y) 

Below, with reference to drawing 20 and drawing 21 , the fifth example is further 
explained to a detail. Drawing 20 shows the configuration of the fifth example and 
drawing 21 shows the flow of the data in drawing 20 . In drawing 20. certification data 
verification equipment 20 is constituted including the key storage section 401, the 
random-number-generation section 402, the random-number storage section 403, the 
received-data storage section 405, the random-number-ized section 421, the ** data 
storage section 422 for authentication, the random-number effectiveness removal 
section 423, and the activation means 310. Moreover, the certification data generation 
section 41 is constituted including the received-data storage section 411, the 1st 
operation part 412, the access ticket storage section 413, the 2nd operation part 414, the 
user proper information storage section 415, the certification data generation section 
416, and the characteristic generation section 430. 
[0215] Below, actuation is explained. 

1. When a user accesses, certification data verification equipment 40 is started. 
[0216] 2. the law certification data verification equipment 40 is remembered to be by the 
data C for authentication, and the key storage section 401 - write a group with a 
number p in the received-data storage section 411 in certification data generation 



equipment 41. 

[0217] Although based on the approach which applied to the approach stated in the 
second example correspondingly as a generation method of C in this example, it is not 
difficult to constitute the approach according to the approach stated in the first example, 
either. 

[0218] the law currently held in the random number r among certification data 
verification equipment by the random-number-generation section 402 of 40 at the key 
storage section 401 - it generates so that it may become a number p and relatively 
prime, and it records on the random-number storage section 403. the 
random*number*ized section 421 is stored in the key storage section 401 having - 
**** a characteristic E and law - a formula 34 is calculated by acquiring a number p 
and acquiring data C further memorized by the ** data storage section 422 for 
authentication. 

[Equation 34] (34) C^EC mod p - here, ** data C ! for authentication is the value which 
was generated so that relational expression 35 might be filled to Data K, and was stored 
in the ** data storage section 305 for authentication. 

[Equation 35] (35) C'=KE mod p [0219] 3. The 1st operation part 412 in certification 
data generation equipment 41 acquires the access ticket t memorized by the access 
ticket storage section 413, performs a formula 36 under the number p of the RSA 
methods written in the received-data storage section 411, and obtains middle 
information R\ 

[Equation 36] (36) R'=Ct mod p [0220] 4. The characteristic generation section 430 in 
certification data generation equipment 41 acquires a user's proper information e 
memorized by the user proper information storage section 415, and performs count of a 
formula 37. 

[Equation 37] (37) F(p,e) 

[0221] 5. the data with which the 2nd operation part 414 in certification data generation 

equipment 11 was generated in the characteristic generation section 430 - using - 

count of a formula 38 " performing -- difference " acquire Information S. 

[Equation 38] (38) S=CF (p, e) mod The certification data generation section 416 in p6. 

certification data generation equipment 41 obtains R f and S from the 1st and 2nd 

operation part 412 and 414, calculates a formula 39 and obtains R. 

[Equation 39] (39) R=R'S -1 mod p, however S-l - law - the inverse number of S under 

p, i.e., the number which fills a formula 40, is expressed. 

[Equation 40] (40) SS-1 mod p = 1 [0222] 7. Certification data generation equipment 41 
returns R to the received-data storage section 405 of certification data verification 



equipment 40. 

[0223] 8. The random-number effectiveness removal section 423 in certification data 

verification equipment 10 takes out the random number r previously generated out of 

the random-number storage section 403, and calculates a formula 41. 

[Equation 41] (41) K 1 — the combination of the first proper information e of the access 

ticket t used in =r*lR mod p certification data generation equipment 41, and a user — a 

right case - as long as - note that K' obtained as a result of count and K are in 

agreement. 

[The sixth example] 

[0224] The sixth example of this invention shows the example of a configuration which 
used ElGamal public key encryption instead of the RSA public key encryption in the 
third example. 

[0225] In the sixth example in this invention, the access ticket t is data generated based 
on the following formula 42. 
[Equation 42] 
(42) t = X+F(p,e) 

Each notation in an upper type expresses the following. 
[0226] p is the sufficiently big prime factor. 

[0227] The user proper information e is a different number for every user, and it is used 
in order to identify a user. 

[0228] the access ticket private key X - law - it is the private key of the ElGamal 
cryptosystem under a number p, and suppose that it is Y a corresponding public key. 
That is, a formula 43 is filled. 

[Equation 43] (43) Y = aX mod p - here, a fills the generator 44 and 45 of the 
multiplicative group of the finite field of order p, i.e., formulas. 
[Equation 44] (44) a != 0 - [Equation 45] 

(45) min {x>0 I ax=l mod p} = p-1 and Y are called an access ticket public key. 

[0229] The 2 variable function F (x y) is a 2 variable function with which a function 
value cannot collide easily, for example, can be defined like a formula 46 using the 
above-mentioned one-way hash function h. 
[Equation 46] 

(46) F(x,y)=h(x|y) 

Below, with reference to drawing 22 and drawing 23 , the sixth example is explained 
further. Drawing 22 shows the configuration of the sixth example and drawing 23 shows 
the flow of the data in the sixth example. In drawing 22. certification data verification 
equipment 50 is constituted including the access ticket public key storage section 501, 



the random-number-generation section 502, the random-number storage section 503, 
the received-data storage section 505, the random-number-ized section 521, the ** data 
storage section 522 for authentication, the random-number effectiveness removal 
section 523, and the activation means 310. The certification data generation section 51 
is constituted including the received-data storage section 511, the 1st operation part 512, 
the access ticket storage section 513, the 2nd operation part 514, the user proper 
information storage section 515, the certification data generation section 516, and the 
characteristic generation section 530. 
[0230] Actuation is explained below. 

1. When a user accesses, certification data verification equipment 50 is started. 
[023 1] 2. the law by which certification data verification equipment 50 is remembered to 
be the groups u and C of the data for authentication by the access ticket public key 
storage section 501 - write a number p in the received-data storage section 511 in 
certification data generation equipment 51. 

[0232] Although u and C are memorized as ** data for authentication by the ** data 

storage section 522 for authentication, they fulfill the following property. 

[0233] u - Above a - law - it is the number which made the suitable random number z 

the characteristic and carried out the exponentiation under p, namely, a formula 47 is 

filled. 

[Equation 47] (47) u = az mod p [0234] C - the access ticket public key Y - law it is 
the basis of p, and it is the number which made the above-mentioned random number z 
the characteristic, and carried out the exponentiation, and a product with the suitable 
data K, and a formula 48 is filled. 

[Equation 48] (48) C-YzK mod p [0235] The data C for authentication are generated as 
follows. 

[0236] the law by which certification data verification equipment 50 is held by the 
random-number-generation section 502 in the random number r at the access ticket 
public key storage section 501 - it generates so that it may become a number p and 
relatively prime, and it records on the random-number storage section 503. 
[0237] Subsequently, the random-number-ized section 521 calculates a formula 49 by 
acquiring data C f memorized by the ** data storage section 522 for authentication. 
[Equation 49] (49) C=rC' mod p [0238] 3. the law which the 1st operation part 512 in 
certification data generation equipment 51 acquired the access ticket t memorized by 
the access ticket storage section 513, and was written in the received-data storage 
section 511 ■- perform a formula 50 under a number p and acquire the middle 
information S. 



[Equation 50] (50) S = ut mod p [0239] 4. The characteristic generation section 530 in 
certification data generation equipment 51 acquires a user's proper information e 
memorized by the user proper information storage section 515, and performs count of a 
formula 51. 
[Equation 51] 

(51) F(p,e) 

[0240] 5. the data with which the 2nd operation part 514 in certification data generation 
equipment 51 was generated in the characteristic generation section 530 - using " 
count of a formula 52 - performing - difference - obtain information S\ 
[Equation 52] 

(52) S' = uF (p, e) mod p [0241] 6. The certification data generation section 516 in 
certification data generation equipment 51 obtains S and S' from the 1st and 2nd 
operation part 512 and 514, calculates a formula 53 and obtains R. 

[Equation 53] 

(53) R = S-l S'C mod p, however S-l - law - the inverse number of S under p, i.e., the 
number which fills a formula 54, is expressed. 

[Equation 54] (54) SS*1 mod p = 1 [0242] 7. Certification data generation equipment 51 
returns R to the received-data storage section 505 of certification data verification 
equipment 50. 

[0243] 8. The random-number effectiveness removal section 523 in certification data 
verification equipment 10 takes out the random number r previously generated out of 
the random-number storage section 503, and calculates a formula 55. 
[Equation 55] (55) K 1 - the combination of the proper information e of the access ticket t 
used in =r-lR mod p certification data generation equipment 51, and a user - a right 
case as long as - note that K' obtained as a result of count and K are in agreement. 
Now, when the above-mentioned gestalt is carried out directly, the following problems 
arise. That is, it becomes possible by applying the same ** data u for authentication and 
same C 1 to the access rating authentication procedure of multiple times to constitute the 
equipment which copies an operation of certification data generation equipment 11 
without user proper information or an access ticket. From the ** data C for 
authentication published from certification data verification equipment 10 in a 
first-time authentication procedure, and the certification data R which certification 
data generation equipment 11 generates to first, H=RC -1 mod p is calculated. This H is 
recorded on imitation equipment instead of user proper information and an access ticket. 
Imitation equipment is formula R=HC to the ** data for authentication of arbitration (u, 
C) which certification data verification equipment 10 publishes, mod What is necessary 



is to generate the certification data R according to p, and just to make it return to 
certification data verification equipment 10. As an approach of coping with this attack, 
only the required number memorizes the group u of the ** data for authentication, and 
C in the ** data storage section 522 for authentication, and how to make it throwing 
away at every authentication procedure can be considered. It is made mutually different 
[ the random number z used for the generation ] by the ** data for authentication which 
are different from each other here, u is u=ak. Although it defines as modp, please care 
about that k was a random number. 
[The seventh example] 

[0244] In the seventh example of this invention, the example of a configuration using 
the signature key of an ElGamal signature is described as description information on 
access rating authentication. 

[0245] In the seventh example in this invention, the access ticket t is data generated 
based on a formula 56. 
[Equation 56] 

(56) t = X+F(p,e) 

Each notation in an upper type expresses the following. 
[0246] p is the sufficiently big prime factor. 

[0247] The user proper information e is a different number for every user, and it is used 
in order to identify a user. 

[0248] the access ticket private key X - law " it is the signature key of the ElGamal 
signature by the basis of a number p, and suppose that it is Y a corresponding public key. 
That is, a formula 57 is filled. 
[Equation 57] 

(57) Y = aX mod p here, a fills the generator 58 and 59 of the multiplicative group of 
the finite field of order p, i.e., formulas. 

[Equation 58] (58) a != 0 - [Equation 59] 

(59) min {x>0 1 ax=l mod p} = p - 1 and Y are called an access ticket public key. 

[0249] The 2 variable function F (x y) is a 2 variable function with which a function 
value cannot collide easily, for example, can be defined like a formula 60 using the 
above-mentioned one-way hash function h. 
[Equation 60] 

(60) F(x,y)=h(x|y) 

[0250] With reference to drawing 24 and drawing 25 , the seventh example is explained 
further below. Drawing 24 shows the configuration of the seventh example and drawing 
25 shows the flow of the data in the seventh example. In drawing 24. certification data 



verification equipment 60 is constituted including the access ticket public key storage 
section 601, the random-number-generation section 602, the random-number storage 
section 603, the received-data storage section 605, the verification section 606, the 
activation section 607, and the error-processing section 608. Moreover, certification data 
generation equipment 61 is constituted including the received-data storage section 611, 
the random-number-generation section 612, the 1st operation part 613, the 2nd 
operation part 614, the access ticket storage section 615, and the user proper 
information storage section 616. Actuation is explained below. 
1. When a user accesses, certification data verification equipment 60 is started. 
[0251] 2. the law certification data verification equipment 60 is remembered to be by the 
data C for authentication, and the access ticket public key storage section 601 " write a 
number p and Generator a in the received-data storage section 611 in certification data 
generation equipment 61. The data C for authentication are generated as follows. 
[0252] the law by which certification data verification equipment 60 is held by the 
random-number- generation section 602 in the random number r at the access ticket 
public key storage section 601 " while it generates so that it may become a number p 
and relatively prime, and recording said r on the random-number storage section 603, it 
considers as the data C for authentication (C=r). 

[0253] 3. the random-number generation section 612 in certification data generation 
equipment 61 law - generate a p-1 number and the random number k which is 
relatively prime. 

[0254] the law by which the 1st operation part 613 was written in said random number 
k and the received-data storage section 611 - the first certification data R is calculated 
from a number p and Generator a according to a formula 61. 

[Equation 61] (61) R = ak mod p [0255] the user proper information e memorized by the 
access ticket t and the user proper information storage section 616 the 2nd operation 
part 614 is remembered to be by the access ticket storage section 615, said random 
number k, the first [ said ] certification data R and the data C for authentication written 
in the received-data storage section 611, and law - the second certification data S is 
calculated from a number p according to a formula 62. 
[Equation 62] 

(62) S = (C-R (t-F (p, e))) k-1 mod p-1 [0256] 4. Certification data generation equipment 
61 returns R and S which are the first and second certification data to the received-data 
storage section 605 of certification data verification equipment 60. 

[0257] 5. The verification section 606 in certification data verification equipment 60 
takes out Y and p which are memorized by the random number r (= C) and the access 



ticket public key storage section 601 which are memorized by the random-number 
storage section 603, and verifies the certification data R and S by the formula 63. 
[Equation 63] (63) ar = YRRS mod p [the eighth example] 

[0258] The eighth example of this invention describes the generation method of an 
access ticket. 

[0259] The count based on a secret number is required for generation of the access ticket 
in the first thru/or the seventh example. Therefore, the secret number used for count 
needs to be revealed, or generation of an access ticket needs to be performed with safe 
equipment without a fear of being exposed of the intermediate result of count. 
[0260] The easiest approach for constituting such safe equipment is building the server 
which provides a user with access ticket issue service on PC which a user's uses, or a 
computer independent of a workstation. A server generates an access ticket according to 
the demand from a user. The computational procedure of a secret number and an access 
ticket is protected by constituting in the configuration of a server, so that the invasion 
from the outside may be intercepted. 

[0261] For example, it becomes possible to intercept the invasion from the outside by 
being locked and constituting an access ticket issue server on the computer of the 
individual interior of a room by which receipts and payments are managed severely. 
[0262] Moreover, in order to raise a user's convenience, it is also possible to connect said 
access ticket issue server to a network, and to constitute the access ticket issue demand 
from a user through a network, so that reception and the generated access ticket may be 
too delivered to a user through a network. 

[0263] Thus, when connecting an access ticket issue server to a network, it needs to be 
built so that safety may fully be maintained also to the invasion from the outside 
through a network using a fire wall technique (D. refer to Brent Chapman & Elizabeth 
D. Zwicky, Building Internet Firewalls, O'Reilly & Associates, Inc. or the Japanese 
translation, fire wall construction, and O'Reilly Japan). 

[0264] The access ticket in the first thru/or the seventh example is generated in the 
format which cannot be used in addition to the just user (user holding the user proper 
information e that it used when calculating an access ticket). 

[0265] The access ticket in the first thru/or the seventh example is generated by the 
basis of a still stricter safety standard. That is, even if the user who tries unjust access 
did not ask for him or those for others but collected the access tickets of the arbitration 
number, it is impossible to constitute the equipment imitating actuation of the 
certification data generation equipment which forged another access ticket from there, 
or was stated in the first thru/or the fifth example. 



[0266] It also becomes possible comparatively from the safety of the above access tickets 
to deliver to a user using a delivery means with low safety like an electronic mail about 
the access ticket which the access ticket issue server generated. 
[The ninth example] 

[0267] This example describes the proper information of a different user from the first 
thru/or the seventh example, and the construction of an access ticket. The description of 
this configuration approach is that it does not need confidential information for 
generation of an access ticket. 

[0268] Therefore, the access ticket issue server built by insurance on the occasion of 
access ticket generation to the invasion from the outside which was stated in the eighth 
example is unnecessary. A user can generate an access ticket freely by the program 
which operates on PC to own or a workstation. In a program, neither a secret constant 
nor a secret procedure exists, and even if it analyzes a program, it cannot take out any 
information which makes unlawful access possible. 

[0269] User's U proper information is the individual key d of a RSA public key pair. The 
public key corresponding to this user ! s proper information is set to (eU, nU). That is, it 
is the integer which is nU=pUqU and was determined that dU and eU will fill relational 
expression 64 to the two different large prime factors pU and qU. 
[Equation 64] 
K=dU<=(pU-l) (qU-1) 
(64) K=eU<= (pU-1) (qU-1) 
eUdU**l mod (pU-1) (qlM) 

Here, nU adds the conditions of being more than the constant N shared by all users. 
[0270] The access ticket to User U is constituted as follows. 

[0271] The public key (E, n) of a RSA public key pair is used as the public key of an 
access ticket, and this public key and the private key which makes a pair are set to D. 
When making factorization in prime numbers of n into n=pq, relational expression 65 is 
realized. 
[Equation 65] 
(6 5) 1£D<N 

DEe 1 mod (p- 1) (q - 1) 

The access ticket tU is [Equation 66] defined by the formula 66. (66) tU=DeU mod nU 
[0272] The description information on the access rating authentication in this example 
is the individual key D of said RSA public key pair. 

[0273] The certification data generation equipment 11 in this example proves that right 



certification data can be calculated through the communication Vmk with certification 
data verification equipment 10 like the case of the first thru/or the seventh example 
corresponding to the ability to know the description information on access rating 
authentication, i.e., the given data for authentication. 

[0274] The data which encipher D which is the description information on access rating 
authentication, and are obtained are an access ticket, and the description of this 
example is that it is the only decode key for a user's proper information to solve this 
encryption. Furthermore, if it says, any number of persons who can know a 
corresponding public key from the place which is using a user's proper information as 
the individual key of RSA public key encryption are in the point which can generate an 
access ticket. Below, the operation in this example is described with reference to 
drawing 26 . 

[0275] 1. Certification data verification equipment 10 writes the data C for 
authentication in the received-data storage section 711 of certification data generation 
equipment 10. 

[0276] 2. The decode key generation section 712 of certification data generation 
equipment 11 acquires the access ticket tU remembered to be a user's proper 
information dU memorized in the user proper information storage section 715 in the 
access ticket storage section 713, and calculates D' based on a formula 67. 
[Equation 67] (67) The D'=tU dU mod nU3. certification data generation section 714 
calculates a formula 68 by considering as an input the data C for authentication 
remembered to be said D' generated by the decode key generation section 712 by the 
received-data storage section 711, and asks for R. The certification data generation 
section 714 transmits to certification data verification equipment by using a count 
result as reply data. 

[Equation 68] (68) R= CD' mod n [0277] 4. Certification data verification equipment 
verifies the justification of the certification data R. 

[0278] Access ticket tU=DeU mod Since the private key D of the access ticket in nU 
must be kept secret also to User U, the user proper information storage section 713, the 
decode key generation section 712, and the certification data generation section 714 are 
enclosed into a defense means 760 to have a tamper-proof property, among the 
equipment configurations of the above-mentioned certification data generation 
equipment 11. 

[0279] It restricts, as well as the case of the 1st thru/or the seventh example when a 
user's first proper information and the right combination of an access ticket are used by 
certification data generation equipment 11, and the certification data R generated by 



certification data generation equipment are correctly verified by certification data 
verification equipment. 

[0280] [the tenth example] - the tenth example of this invention A symmetry key code is 
used for count of the certification data in certification data generation equipment 
instead of public key encryption (RSA cryptograph). If an access ticket removes the 
point which is data which encipher the decode key (the same as that of an encryption 
key) D of said symmetry key code with the public key (eU, nU) corresponding to the 
individual key of the RSA public key pair which is user proper information, and are 
obtained, it is almost the same as the ninth example. 

[0281] That is, when the encryption function of a symmetry key code is expressed as 

Encrypt (a key, plaintext) (an output is a cipher) and a decode function is expressed as 

Decrypt (a key, cipher) (an output is a plaintext), the protected certification data C are 

defined by the formula 69. 

[Equation 69] 

(69) C=Encrypt(D,K) 

Furthermore, the access ticket tU is [Equation 70] defined by the formula 70. (70) 
tU=DeU mod The equipment configuration of certification data generation equipment 
and an operation are explained based on drawing 26 R> 6 below nU. 
[0282] 1. Certification data verification equipment 10 writes the data C for 
authentication in the received-data storage section 711 of certification data generation 
equipment 10. 

[0283] 2. The decode key generation section 712 of certification data generation 
equipment 11 acquires the access ticket tU remembered to be a user's proper 
information dU memorized in the user proper information storage section 715 in the 
access ticket storage section 713, and calculates D* by the formula 71. A count result is 
outputted to the certification data generation section 714. 

[Equation 71] (71) D'=tU dU mod nU [0311] 3. The certification data generation section 

714 calculates a formula 72 by considering as an input the data C for authentication 

remembered to be D" obtained from the decode key generation section 712 by the 

received-data storage section 711, and asks for R. A count result is transmitted to 

certification data verification equipment 10 as reply data. 

[Equation 72] 

(72) R=Decrypt(D',C) 

[0284] 4. Determine whether to perform whether processing of normal is continued by 
verifying R, and error processing among certification data verification equipment 11. 
[Effect of Example(s)] - when the above-mentioned example is carried out for the 



purpose of the access control (execution control) to the application program performed 
on a user's PC or a workstation so that clearly from the above explanation, the 
effectiveness described below can be offered. 

[0285] 1. A user should just hold user proper information for even free to a proper. 
[0286] 2. Perform protection processing to a program by the unrelated approach with 
user proper information at application creation time. 

[0287] 3. An access ticket is published by the authorized user in activation of application, 
and the activation of application of this user is attained only by holding one's user 
proper information and access ticket. 

[0288] 4. Though the user who is not the owner of normal holds it, by it, if activation of 
application is possible for an access ticket, it is the approach which is not, and is 
generated by insurance. 

[0289] Even when distributing the hardware which built in user proper information to a 
user according to these descriptions, what is necessary will be for distribution to be 
managed at once for every user, and for a programmer to be concerned with whether the 
program of the place to create is used by whom, and for there to be nothing and just to 
perform protection processing of one application by the general approach. Therefore, the 
trouble which must change the protection approach of a program for every user that O 
user proper information must be set up for every application, therefore hardware must 
be mailed to a user for every application is solved, and it contributes to reduction of cost, 
and improvement in convenience sharply so that different user proper information for 
every O user which was the trouble of the conventional technique may be identified. 
[0290] According to the above-mentioned example, although an access ticket is needed 
for activation of an application program, since an access ticket is safe digital 
information available only to the user of normal, it can be delivered to a user simple 
through a network etc. 

[0291] Moreover, whenever a user changes the application program to be used, he needs 
to exchange an access ticket, but as mentioned above, since an access ticket is digital 
information, the program in a computer can perform replacement actuation easily. That 
is, the conventional complicatedness that a user has to exchange hardware whenever it 
changes an application program is canceled. 

[0292] furthermore, the time of holding all the access tickets of the combination of O 
specification which sets up a different right of activation for every part of O application 
program, since it is possible to arrange freely the certification data verification 
equipment (procedure) based on different certification data in the location of the 
arbitration in an application program in the above-mentioned example as long as - a 



fine access control [ say / granting the right of activation ] is realizable with execution 
control. 

[0293] In addition, it is clear that this invention's it is not limited to program execution 
control and this invention can be applied to the access control to privacy protection, file, 
and computer resource of e-mail. That is, access of a file etc. is controllable if the 
authentication technique of this invention is applied to the device in which a file, mail, 
and a computer resource are managed. 
[0294] 

[Effect of the Invention] It will end, if the description information and user proper 
information on access rating authentication can be made to become independent, 
therefore the protection side and user side also prepares one proper information by 
introducing the auxiliary data for certification (access ticket) according to this invention, 
as explained above. An access ticket is data calculated based on specific user proper 
information and the description information on access rating authentication, and it is 
impossible in computational complexity at least to calculate the description information 
on access rating authentication for user proper information from an access ticket to not 
knowing. And data ** for right certification is calculated only within the case where the 
right combination of user proper information and an access ticket, i.e., the combination 
of the access ticket calculated based on user proper information and this user proper 
information, is inputted. Therefore, access rating of users, such as execution control, can 
be attested by a user's possessing user proper information beforehand, and protection 
persons', such as a programmer's, preparing the description information on access 
rating authentication independently of the user proper information which a user 
possesses, and creating an access ticket according to a user's proper information and the 
description information on access rating authentication used for creation of an 
application program etc., and distributing. 

[Brief Description of the Drawings] 

[Drawing ll It is the block diagram showing the theoretic example of a configuration of 
this invention. 

[Drawing 21 It is the block diagram showing the configuration of the first example of 
this invention. 

[Drawing 3l It is the block diagram showing the configuration of the certification data 
verification equipment of the first example, and certification data generation equipment. 
[Drawing 41 It is a flow Fig. explaining actuation of the first example. 
[Drawing 5l lt is the block diagram showing the configuration of the certification data 



verification equipment of the second example, and certification data generation 
equipment. 

[Drawing 61 It is a flow Fig. explaining actuation of the certification data verification 
equipment of the second example. 

[Drawing 7] It is the block diagram showing the example of a configuration of the 
activation section of the certification data verification equipment of the second example. 
[Drawing 8] It is a flow Fig. explaining actuation of the example of a configuration of the 
activation section of drawing 7 . 

[Drawing 9ll t is the block diagram showing other examples of a configuration of the 
activation section of the certification data verification equipment of the second example. 
[Drawing 101 It is a flow Fig. explaining actuation of the example of a configuration of 
the activation section of drawing 9 . 

[Drawing 111 It is the block diagram showing other examples of a configuration of the 
activation section of the certification data verification equipment of the second example. 
[Drawing 121 It is a flow Fig. explaining actuation of the example of a configuration of 
the activation section of drawing 11 . 

[Drawing 13ll t is the block diagram showing other examples of a configuration of the 
activation section of the certification data verification equipment of the second example. 
[Drawing 14l It is a flow Fig. explaining actuation of the example of a configuration of 
the activation section of drawing 13 . 

[Drawing 15l lt is the block diagram showing the configuration of the certification data 
generation equipment of the third example of this invention. 

[Drawing 161 It is a flow Fig. explaining actuation of the certification data generation 
equipment of the third example. 

[Drawing 171 It is the block diagram showing the example of a configuration of the 
fourth example of this invention. 

[Drawing 181 It is the block diagram showing other examples of a configuration of the 
fourth example of this invention. 

[Drawing 19] It is a flow Fig. explaining actuation of drawing 17 . 

[Drawing 201 It is the block diagram showing the configuration of the fifth example of 
this invention. 

[Drawing 2l1 It is a flow Fig. explaining actuation of the data verification equipment of 
the fifth example. 

[Drawing 22] It is the block diagram showing the configuration of the sixth example of 
this invention. 

[Drawing 231 It is a flow Fig. explaining actuation of the sixth example. 



[Drawing 24] It is the block diagram showing the configuration of the seventh example 
of this invention. 

[Drawing 251 It is a flow Fig. explaining actuation of the seventh example. It is drawing 
explaining Challenge Handshake Authentication Protocol. 

[Drawing 261 It is a block diagram explaining the authentication using the access ticket 
of the ninth example and the tenth example. 
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